Yahoo reported a breach that occurred in August of 2013 and affected 500,000 members.
Yahoo is now reporting a second breach that has affected an estimated 1 billion users. The breach included birth dates, names, hashed passwords, email addresses, telephone numbers and, at least in some cases, security questions and answers, some of which were encrypted.
“This is absolutely shocking that Yahoo has again just been informed by external parties via law enforcement that they have been the victim of the largest data breach in history,” Joseph Carson, Head of Global Strategic Alliances at Thycotic, said. “More than one billion user accounts have been disclosed and impacted by this breach, meaning that almost one in three people using the internet have been impacted by this single breach alone.”
This second breach “brings the total number of stolen credentials and passwords this year to more than 3 billion which almost equals the number of people actually using the internet,” said Carson. “That is astonishing.”
“It appears thus far from the publicly disclosed information that this is resulting from privileged unauthorized third party access. This has been a common source of many of the data breaches this year,” Carson said.
Yahoo is in the process of notifying affected users. “Yahoo has stated that they are notifying account holders impacted by this breach which means they are informing, get this, nearly one out of every seven people on this planet,” said Carson, who expects the breach to “likely impact the proposed agreement between the two companies.”
“The value will likely decrease to cover the potential costs of this breach which could be the biggest financial impact from any cyber breach to date,” he said. “This breach is one to surely watch and will likely cause many issues for Yahoo in the EU with the European Commission and the Data protections regulations who will be looking for answers from Yahoo for both of the major breaches this year.”