Alert

Yahoo Hack Threatens Verizon Merger

Yahoo’s stock plummeted Thursday as cybersecurity issues continued to rankle the company and reports surfaced that Verizon was looking to change the terms of – or possibly abort – its planned $4.8 billion acquisition of the early internet darling.

Yahoo shares were down more than 6 percent when trading desks closed Thursday, only a day after the company announced a 2013 hack had compromised more than a billion user accounts. Names, email addresses, passwords, phone numbers, birthdays and “in some cases, encrypted or unencrypted security questions and answers” were potentially accessed in the breach.

In a statement, Yahoo said it “has not been able to identify the intrusion associated with this theft” and that it is “likely distinct from the incident the company disclosed on September 22, 2016.” That separate incident is believed to have occurred in 2014, and to have compromised around 500 million accounts.

As many as 150,000 government and military employees may have had their accounts exposed in the most recently announced breach. White House press secretary Josh Earnest on Wednesday confirmed that the FBI was looking into the hacks, but that the White House was not prepared to comment on the investigation’s scope.

To make matters worse for Yahoo, Bloomberg cited an anonymous source Thursday as saying Verizon was looking to alter the terms of a multibillion-dollar accord it struck with the company back in July.


Apostolos Giannakidis, lead security engineer at Waratek, said in an email that Yahoo used what’s known as an MD5 algorithm to protect and store passwords. He describes the MD5 as “by far one of the most vulnerable and broken crypto algorithms.”

“There is no excuse for a leading internet brand to be using MD5 in 2013,” he said. “This shows that even technology giants do not use cryptography correctly, which makes them vulnerable.”

Read the full article

Related alerts

Ready to scale Security with modern software development?

Work with us to accelerate your adoption of Security-as-Code to deliver application security at scale.