Yahoo is in deep trouble as you may know. The company recently confessed that they had been hacked two years ago and that hackers may have stolen the details of 500 million accounts. This is the biggest hack in the history of the Internet. Their response to that was having people change their passwords and taking security measures like deleting their security questions and logging in to their accounts via remote prompts through the mobile app etc. While these may sound like half measures, and of course they are, something much scarier has surfaced. A former Yahoo executive has given his formal opinion on the hack. He thinks up to 3 billion accounts may have been compromised.
The exec, who wished to remain anonymous, said while he was no longer working their, he was still in contact with Yahoo employees including those involved in the investigation. He told Business Insider that the nature of the Yahoo hack would have compromised many more accounts than the company reported. He estimates that number to be anywhere between 1 and 3 billion.
The exec says that the products of Yahoo use one main database for verification and that was hacked. It contained the data of 700 million to 1 billion monthly active users and a lot of other account users that have just not deleted their accounts yet. This hack potentially compromised security questions, encrypted passwords, birth dates, phone numbers, email addresses etc. It is of course possible that the hackers involved didn’t manage to get all the information and left a lot unharmed but Yahoo’s decision to keep mum about the attack for 2 years certainly raises doubts about the information they delivered. The press release would’ve definitely gone through a dozen filters before it came out.
The attack, which was said to be state sponsored according to Yahoo, has been refuted as anything but by security experts. The nature of the information stolen was personal so what would state sponsored hackers want with it?
This hack was a result of shoddy security and a clash between Marissa Mayer, CEO of Yahoo, and Alex Stamos over investing in security. Mayer put off the investments and though she now denies that the hack was due to a lack of security measures, it’s pretty clear that Yahoo didn’t have the best of security.
Yahoo recently had made a deal to be bought by Verizon for $4.8 billion but due to this hack, the deal may be in jeopardy.