A History of Yahoo Hacks

The company’s huge billion-user security breach is the latest in a very long line.

Yahoo has admitted that a major security breach of its systems affected more than a billion users. It’s the worst in its history, and perhaps the biggest hack of user data ever. But it’s also just the latest in a long line of recent embarrassing security announcements for the company.

2012: Yahoo Loses Its Voices

When Yahoo acquired the online publishing network Associated Content in 2010 for $100 million, it also bought itself a headache. In July 2012, hackers published a cache of e-mail addresses and encrypted passwords obtained from the servers of Yahoo Voices—the new name for Associated Content. Details of 400,000 user accounts were compromised in the attack. The issue: weak security in the systems inherited by Yahoo that nobody had bothered to upgrade.

2013: Phishing for Mail

The year started badly in 2013 for Yahoo, when many Yahoo Mail users reported that their accounts had been hacked—and it didn’t get better. Despite plugging a series of security holes, the company found that users complained of a series of compromises through the first quarter of the year. Accounts were targeted via phishing attacks, in which users were encouraged to click on links within e-mails. When they did, their accounts were hijacked.

2014: Yahoo Mail (Again)

The start of 2014 wasn’t much better. Toward the end of January, Yahoo was forced to admit that it had identified an attempted hack of customer e-mail account details. Hackers had apparently used a list of usernames and passwords acquired from a third-party server to penetrate user accounts and acquire more names and e-mail addresses. Yahoo swiftly reset passwords to stop the attacks.

2016: The Half-Billion Hack

On September 22, 2016, Yahoo admitted that its servers had been hacked in 2014, with 500 million user accounts affected. Names, e-mail addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and encrypted passwords were captured by the hackers. Yahoo said the attack was carried out by "state-sponsored" hackers. Security researchers InfoArmor disputed that claim.

2016: The Full Billion

On December 14, 2016, Yahoo announced its biggest ever security breach. The hack, widely believed to be the largest ever hack of user records, occurred in 2013 but was only brought to light following a recent investigation spurred by a law enforcement tip-off. The company says that the attack is "likely distinct" from the hack announced in September 2016.

According to the company’s chief information security officer, Bob Lord, hackers obtained "names, e-mail addresses, telephone numbers, dates of birth, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers." It’s thought that the hack was carried out using forged cookies to gain access to user accounts, without need for a password. The company has said that it believes it could be linked to a "state-sponsored actor."

2017: Verizon's Problem or Not?

In July 2016, Verizon announced that it was planning to acquire the beleaguered Yahoo for $4.8 billion. In October, Verizon's head of product Marni Walden said that the telco would have to be “careful” in its approach to the deal, given that it has an “obligation to make sure we protect our shareholders and our investors.”

On the latest news, Verizon spokesman Bob Varettoni said that the company “will review the impact of this new development before reaching any final conclusions” about the deal. But Bloomberg reports that it may be seeking to drive down the price of the acquisition, or even step away from it altogether.

That would seem fair enough. In light of Yahoo's recent track record, there may be yet more surprises in store.

(Read more: Yahoo, Bloomberg, "What Yahoo Got Right")

 
