Yahoo faces 'existential crisis' after biggest data breach in history sees 500m users hacked

Yahoo is already haemorrhaging users, traffic and advertising to rivals Google and Facebook - the leak of half a billion users personal details will magnify its problems.

Ben Chapman
Friday 23 September 2016 12:42

The biggest data breach in history is an "existential crisis" for Yahoo, analysts have said. Already battling a steep decline in email traffic, chief executive Marissa Mayer's challenge to win back customers just got far more daunting.

The shocking breach of 500 million users accounts disclosed on Thursday risks magnifying Yahoo's big problem — it is haemmorhaging users, traffic and the advertising revenue to Google and Facebook.

In July, 161 million people worldwide used Yahoo email on their desktops, 30 per cent down in just one year. Google's Gmail service gained 9 per cent in the same period and has 429 million users.

How to protect yourself online after the Yahoo hack

Some commentators have joked that the hack would have been far more devastating if people actually still used the company's services. But the reality is that millions around the world still rely on Yahoo mail and other services, who are now potentially at risk of identity theft.

The consequences for Yahoo if those users now leave the company could be dire. “Yahoo may very well be facing an existential crisis,” Corey Williams, senior director at security firm Centrify told the Associated Press.

At the time of the break-in, Yahoo's security team was led by Alex Stamos, a respected industry executive who left last year to take a similar job at Facebook.

Since then it has layed off staff and slashed expenses as revenues have tumbled. The email breach raises questions about the more streamlined Yahoo's ability to maintain secure and effective services.

Two years

Citing "security reasons", Yahoo didn't explain why it took two years to uncover the breach or how it reached the conclusion that a “state-sponsored" actor was responsible.

The company was alerted about a potential breach in July, when the tech site Motherboard reported that a hacker who uses the name “Peace” was trying to sell account information belonging to 200 million Yahoo users.

Yahoo didn't find evidence of that reported hack, but additional inquiries later uncovered a much bigger breach.

Yahoo is now working with the FBI to track the source of the attack. “We take these types of breaches very seriously and will determine how this occurred and who is responsible,” the FBI said on Thursday.

Users' names, email addresses, telephone numbers, birth dates, passwords, and security questions have all been stolen, although bank account and credit cards details haven't, the company said.

Yahoo recommends that all users change their passwords, and the passwords of any other sites that they use the same login details for as the stolen information could be used to break into other online services.

The Verizon deal

News of the security lapse could cause potentially be a big problem Yahoo's proposed sale of much of its digital operations to Verizon.

The deal is supposed to close in early 2017, meaning Verizon has time to lower the $4.8 billion price or even back out if users desert Yahoo or file lawsuits.

There is also the risk that the company could face hefty fines for the breach, especially if it emerges that it knew about it sooner than it has so far admitted.

"If we find out that they knew about this breach two years ago, then there's going to be some hard questions about why they didn't disclose it,“ Keatron Evans, a partner at Blink Digital Security, told CNBC, adding that the situation "will quickly escalate," if Yahoo broke reporting rules over the breach.

“When it's something intentional, and there was obvious intention to defraud, then that's more impetus for congressional hearings,” he said.

Delay of sale?

Verizon has not publically said that the Yahoo breach will affect the sale but it will inevitably have to carry out further due diligence, potentially delaying the deal. “We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities,” the company said in a statement.

Additional reporting by AP

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments