Yahoo Data Breach Is ‘Most Audacious Hack of All Time’

Yahoo
More than 1 billion Yahoo accounts were compromised in a "monumental" data breach in 2013. The company has admitted to identifying a second potential breach during 2015-16. Denis Balibouse/REUTERS

A data breach that saw more than 1 billion Yahoo accounts compromised has been described as “monumental” and “embarrassing” by security experts.

Yahoo has blamed unnamed “state sponsored actors” for the hack, the scale of which represents the largest data breach of all time.

“This is one of the most audacious hacks of all time, not just because of its incredible size…but because it happened way back in August 2013, and has only just been detected,” says Andrew Alston, U.K. director of data security firm Covata.

News of the hack comes amid Verizon’s deal to buy Yahoo for $4.8 billion. The telecommunications firm has said it is reviewing the impact of the breach.

“Whether Verizon will continue with the Yahoo acquisition now is surely questionable, a reminder to all businesses that a hack can result in dire results for the company’s plans,” says Nigel Hawthorn, spokesperson for security firm Skyhigh Networks.

“Embarrassingly, Yahoo has broken its own record and reported the largest data breach in history—and at this stage, it seems that things probably can’t get any worse for the company.”

John Madelin, CEO at Reliance ACSN, adds: “If Verizon were seeking a billion-dollar discount from the agreed $4.8 billion takeover, then logically a breach twice the size should shave off a further $2 billion.”

The data breach is currently being investigated by Ireland’s Data Protection Commissioner (DPC) in order to ascertain whether European data protection laws have been breached.

In a statement released December 15, DPC Ireland said: “The DPC is continuing its investigation into Yahoo EMEA in relation to the data breach notified in September, including an examination of the latest information provided on that incident.

“We understand that Yahoo is issuing guidance to affected users. Users should take the actions outlined in the guidance.”