Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Connectivity

A History of Yahoo Hacks

The company’s huge billion-user security breach is the latest in a very long line.

Yahoo has admitted that a major security breach of its systems affected more than a billion users. It’s the worst in its history, and perhaps the biggest ever hack of user data in history. But it’s also just the latest in a long line of recent embarrassing security announcements for the company.

2012: Yahoo Loses Its Voices

When Yahoo acquired the online publishing network Associated Content in 2010 for $100 million, it also bought itself a headache. In July 2012, hackers published a cache of e-mail addresses and encrypted passwords obtained from the servers of Yahoo Voices—the new name for Associated Content. Details of 400,000 user accounts were compromised in the attack. The issue: weak security in the systems inherited by Yahoo that nobody had bothered to upgrade.

2013: Phishing for Mail

The year started badly in 2013 for Yahoo, when many Yahoo Mail users reported that their accounts had been hacked—and it didn’t get better. Despite plugging a series of security holes, the company found that users complained of a series of compromises through the first quarter of the year. Accounts were targeted via phishing attacks, in which users were encouraged to click on links within e-mails. When they did, their accounts were hijacked.

2014: Yahoo Mail (Again)

The start of 2014 wasn’t much better. Toward the end of January, Yahoo was forced to admit that it had identified an attempted hack of customer e-mail account details. Hackers has apparently used a list of usernames and passwords acquired from a third-party server to penetrate user accounts and acquire more names and e-mail addresses. Yahoo swiftly reset passwords to stop the attacks.

2016: The Half-Billion Hack

On September 22, 2016, Yahoo admitted that its servers had been hacked in 2014, with 500 million user accounts affected. Names, e-mail addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and encrypted passwords were captured by the hackers. Yahoo said the attack was carried out by "state-sponsored" hackers. Security researchers InfoArmor disputed that claim.

2016: The Full Billion

On December 14, 2016, Yahoo announced its biggest ever security breach. The hack, widely believed to be the largest ever hack of user records, occurred in 2013 but was only brought to light following a recent investigation spurred by a law enforcement tip-off. The company says that the attack is "likely distinct" from the hack announced in September 2016.

According to the company’s chief information security officer, Bob Lord, hackers obtained "names, e-mail addresses, telephone numbers, dates of birth, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers." It’s thought that the hack was carried out using forged cookies to gain access to user accounts, without need for a password. The company has said that it believes it could be linked to a "state-sponsored actor."

2017: Verizon's Problem or Not?

In July 2016, Verizon announced that it was planning to acquire the beleaguered Yahoo for $4.8 billion. In October, Verizon's head of product Marni Walden said that the the telco would have to be “careful” in its approach to the deal, given that it has an “obligation to make sure we protect our shareholders and our investors.”

Over the latest news, Verizon spokesman Bob Varettoni said that the company “will review the impact of this new development before reaching any final conclusions” about the deal. But Bloomberg reports that it may be seeking to drive down the price of the acquisition, or even step away from it altogether.

That would seem fair enough. In light of Yahoo's recent track record, there may be yet more surprises in store.

(Read more: Yahoo, Bloomberg, "What Yahoo Got Right")

 

Cut off? Read unlimited articles today.

Become an Insider
Already an Insider? Log in.
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Basic.
  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.