Apparently the attack happened in August 2013, making it the largest breach in history and we just found out about it.
The number of affected accounts was double the number implicated in a 2014 breach that the internet company disclosed in September and blamed on hackers working on behalf of a government. News of that attack, which affected at least 500 million accounts, prompted Verizon Communication Inc to say in October that it might withdraw from an agreement to buy Yahoo’s core internet business for $4.83 billion.
Verizon said about the latest attack that it would be reviewing the impact of this new development before reaching any final conclusions.
A Yahoo spokesman said the company has been in communication with Verizon during its investigation into the breach and that it is confident the incident will not affect the pending acquisition.
A spokesYahoo added it believes hackers responsible for the previous breach had also accessed the company’s proprietary code to learn how to forge “cookies” that would allow hackers to access an account without a password.
However some analysts have said that the company has screwed up and was found not to have been taking security seriously enough.
Yahoo said it had not yet identified the intrusion that led to the massive data theft and noted that payment-card data and bank account information were not stored in the system the company believes was affected.
Yahoo said it discovered the breach while reviewing data provided to the company by law enforcement. FireEye Inc’s Mandiant unit and Aon Plc’s Stroz Friedberg are assisting in the investigation, the Yahoo spokesman told Reuters.