By Andah John with agency report
The number of affected accounts doubles the number implicated in a 2014 breach that the internet company disclosed in September.
The company has blamed the attack on hackers working on behalf of a government.
And apparently, this is not a good news for Yahoo, as news of that attack, which affected at least 500 million accounts, prompted Verizon Communication Inc to say in October that it might withdraw from an agreement to buy the company’s core internet business for $4.83 billion.
Following the latest disclosure, Verizon said, “we will review the impact of this new development before reaching any final conclusions.”
A Yahoo spokesman told Reuters that the company has been in communication with Verizon during its investigation into the breach. It is, thus, confident the incident will not affect the pending acquisition.
Users urged to reset passwords
Yahoo required all of its customers to reset their passwords. It was a stronger measure it took after the previous breach was discovered.
The internet company also said Wednesday that it believes hackers responsible for the previous breach had also accessed the company’s proprietary code. It suspected they aimed to learn how to forge “cookies” that would allow hackers to access an account without a password.
Yahoo losing trust
“Yahoo badly screwed up,” said Bruce Schneier, a cryptologist and one of the world’s most respected security experts. “They weren’t taking security seriously and that’s now very clear. I would have trouble trusting Yahoo going forward.”
Yahoo was tentative in its description of new problems, saying the incident was “likely” distinct from the one it reported in September.
It further said stolen information “may have included” names, e-mail addresses, telephone numbers, and dates of birth. Others are hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
It said it has not yet identified the intrusion that led to the massive data theft. It also clarified that payment-card data and bank account information were not stored in the system the company believes was affected.
Review exposes breach
Yahoo said it discovered the breach while reviewing data provided to the company by law enforcement.
FireEye Inc’s Mandiant unit and Aon Plc’s Stroz Friedberg are assisting in the investigation, the Yahoo spokesman told Reuters.
Younger ones have taken over
The breach is the latest setback for Yahoo, an internet pioneer that has fallen on hard times in recent years. The company has since been eclipsed by younger, fast-growing rivals including Alphabet Inc’s Google and Facebook Inc.
Hours before it announced the breach, executives with Google, Facebook and other large U.S. technology companies met with President-elect Donald Trump in New York.
Reflecting its diminished stature, Yahoo was not invited to the summit, according to people familiar with the meeting.
The Yahoo spokesman said Chief Executive Marissa Mayer was at the company’s Sunnyvale, California headquarters to assist in addressing the new breach.
Yahoo shares were down 2.4 percent to $39.91 in extended trading. Verizon shares were little changed from their close at $51.63.