Another data theft at Yahoo, this one dating back to 2013 and affecting more than one billion user accounts, could turn up the pressure on its proposed $4.8 billion acquisition by Verizon.
Yahoo issued a statement admitting it had not been able to identify the intrusion associated with the latest theft of user data, but noting it believes the hack is separate from an incident impacting 500 million user accounts it disclosed in September.
The news of a second massive hack, tagged as the world’s largest, could heap pressure on Yahoo’s proposed $4.8 billion sale of its core internet business to Verizon.
In the latest incident, Yahoo said the stolen user account information may have included names, email addresses, phone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
However, the company said the stolen information did not include passwords in clear text, payment card data or bank account information.
Verizon already said in October, following the previous revelation, it had a “reasonable basis” for assuming the hacking of Yahoo email accounts represented a material impact on its acquisition of the internet firm’s online businesses.
Following yesterday’s statement by Yahoo, Verizon said: “We will evaluate the situation as Yahoo continues its investigation. We will review the impact of this new development before reaching any final conclusions”.
According to the Wall Street Journal, Verizon’s talks with Yahoo revolve around the level of obligation the remaining Yahoo would carry for future liabilities associated with the 2014 hack, rather than the US operator pushing for a reduced purchase price.
The US operator adopted this tactic because the cost of future liabilities is unknown, therefore a reduced purchase price is effectively a bet on any future hacks coming to light. Following the most recent revelation, Verizon is in an even stronger negotiating position.