October 3, 2016

Compromised: Yahoo’s massive security breach may have affected 1 billion accounts

Yahoo is among the primary targets of cyber attacks, and its lack of security led to over 500 million user accounts being stolen.

More than a week ago, Yahoo executives revealed that over 500 million user accounts were stolen—and this has been going on for two years. This makes the hacking the biggest data breach in a single company’s network. The company and the Federal Bureau of Investigation are now investigating the case and going over the details of the incident.

However, just a couple of days ago, a former Yahoo executive reveals that the number of compromised accounts may have reached 1 billion.


Cyber attacks are not uncommon; almost every company is facing some sort of network intrusion from hackers. Large corporations, unfortunately, are often the primary targets of cyber attacks. But, what went wrong with Yahoo’s security?

Six years ago, Yahoo and Google were among the many tech companies hit by hackers. While Google’s co-founder Sergey Brin went on to up its security measures and vowed to never give hackers the chance to breach their systems again, Yahoo’s chief executive Marissa Mayer put security at the back of the queue and prioritized product developments.

With the security lacking, the company failed to thwart hackers in stealing private information such as names, email addresses, encrypted passwords, security questions, contact numbers, and birth dates.  

Nonetheless, it seems that the company was not negligent in security. There were efforts to develop more secured codes, hunt down cyber criminal activities, and collaborate with other companies when it comes to data security. All of these happened when Yahoo hired a new chief information security officer, Mr. Alex Stamos.

In any case, Yahoo’s security was lacking and this has been a major factor in its vulnerability to cyber attacks.


With the massive data breach causing alarm to millions of users, US senators, led by Senator Patrick Leahy, sent a letter to Yahoo chief executive Marissa Mayer to disclose the details of the cyber attack and how the company was unable to detect it early on. The company was also asked to provide a timeline of the attack.

As the letter says, “Consumers put their trust in companies when they share personal and sensitive information with them, and they expect all possible steps be taken to protect that information.”

The company is also facing civil lawsuits due to the security breach. One of the complaints stated that Yahoo has been grossly negligent in the security of users’ personal information. Users are alarmed at the possibility of this incident branching out to other breaches, as well.


Yahoo’s hacking incident has severe implications on its $4.8 billion deal with Verizon. In the sale agreement between Yahoo and Verizon, the latter has the option to renegotiate the deal if there is a material adverse change (MAC). This includes any event or circumstance that would or would be expected to have a material adverse effect. In any case, Verizon can negotiate to lower the price of the acquisition due to the MAC.


Yahoo’s security breach is a classic example of why security should always be a priority. Whether the one involved is an individual or a multi-national company, there should be necessary steps to take in order to avoid several repercussions.