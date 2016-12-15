Verizon’s acquisition of Yahoo could face
further setbacks after the internet giant admitted to another
data breach that may have affected up to one billion users.
The hack is believed to have occurred in 2013 and Yahoo said
it was unrelated to a
2014 breach disclosed in September which left 500 million
user accounts exposed.
Following that disclosure,
reports claimed Verizon was looking to negotiate a discount
on its $4.8 billion takeover,
with its valuation dropping up to 20% in the aftermath.
Yahoo said customer names, phone numbers, passwords and
email addresses were stolen in the 2013 breach, but not bank
and payment data.
Yahoo said it "believes an unauthorised third party, in
August 2013, stole data associated with more than one billion
user accounts".
The breach is one of the largest hacks ever disclosed, but
Verizon has continued with the stance it took following the
previous revelations.
A statement issued by the company said it continues to work
towards integration with Yahoo, adding: "As we've said all
along, we will evaluate the situation as Yahoo continues its
investigation. We will review the impact of this new
development before reaching any final conclusions."
However, the Wall Street Journal quoted an unnamed Verizon
source as saying "all options were on the table" including
renegotiating the price or terminating the deal all
together.
Experts have blasted the internet search giant for being hit
by two of the largest recorded hacks in history within a year
of each other.
Paul German, CEO at encryption specialists Certes, said the
latest revelations brings Yahoo’s attitude to
cyber security into question.
"Yahoo is relying on an outdated cyber security model which
takes a, 'protect’, 'detect’,
'react’ approach which simply does not work. The
problem lies in the fact that once inside a network, there is a
significant delay before a hacker is detected, leaving them
free to move uninhibited, accessing vast quantities of
sensitive data and wreaking havoc.
"There is a fundamental step missing – damage
limitation. At whatever point a hacker enters a network they
must be contained, restricting the data they can access and the
damage they can inflict before they are detected.
"This obvious step is missing from the cyber security
strategies of some of the world’s biggest
organisations and is the reason we are seeing hacks that affect
consumers on such a massive scale. However, by looking to
approaches such as cryptographic segmentation to contain a
threat, businesses can ensure a hacker cannot roam freely
across its network, significantly limiting the impact of an
attack."