Someone has been naughty. Yahoo has been under serious stress this year. Due to a long spiral of economic misfortunes, it begrudgingly decided to put itself up for sale. Out of several suitors, Verizon came out on top with a large offer. Then Yahoo had to clarify that 500 million accounts were hacked way back in 2003. That put tremendous pressure on the purchase offer by Verizon, which had agreed to pay $4.83 billion for the struggling Internet company. Forbes described it as “the saddest $5 billion deal in tech history.”
Last week the second shoe dropped. A disclosure by yahoo that another breach had happened, exposing 1 billion records. It is the single largest data breach in history, surpassing the previous largest breach (also by Yahoo). This latest news will only increase the tension. Verizon had was already seeking to renegotiate its offer. This will further depress the potential valuation.
Sadly, it is the Yahoo account holders who are at the greatest risk. Users have received an email notifying them of the breach, in kind words, and recommending they reset their passwords again. The reality is a significant amount of personal information has been exposed, including phone numbers, passwords, backup email addresses and even security questions. All of which could be used by cybercriminals to the victim’s detriment.
It has been reported that data from these breaches is already available on the darknet, for sale by criminals.
For those who have Yahoo accounts, I recommend you change your Yahoo password and anywhere else where that password was used. Make sure no other sites has your Yahoo email as a backup or listed in the account. Hackers may use it as part of a password reset scheme to get into other sensitive accounts. Never reuse passwords and make sure they are strong and unique. Use a reputable password manger if you need.