Yahoo hit by largest cyber attack of all time in second mega-hack

Oliver Gill
Follow Oliver
Yahoo Reportedly Considering Laying Off Hundreds
Today's intrusion was the second mammoth attack on Yahoo users accounts in the second half of 2016 (Source: Getty)

More than one billion Yahoo user accounts have been hacked after the search engine revealed it had been the victim of the largest cyber attack in history.

The breach is the second mammoth attack on Yahoo uncovered this year and has affected more than double the number of accounts compared with a breach revealed in September – which the firm said was “distinct” from the latest intrusion.

Read more: Yahoo hack hit 500m user accounts – putting pressure on its Verizon deal

The hack stretched back to August 2013 and led to personal data – such as names, email addresses, dates of birth, passwords and phone number – being stolen from accounts. Yahoo added in a statement:

Payment card data and bank account information are not stored in the system the company believes was affected.

Verizon: Deal or no deal?

The news could have huge implications for the future of the internet company and a $4.8bn (£3.8bn) takeover by US telecoms giant Verizon. Following September's revrelations, Verizon was forced to admit it was considering its options.

However, in the wake of the latest news Verizon was keeping its powder dry for now, it said:

We [Verizon] will review the impact of this new development before reaching any final conclusions.

A spokesperson for Yahoo told Reuters that Verizon has been kept fully appraised of the latest breach and the firm is confident the incident will not impact the Verizon deal.

Read more: Veri-hoo? The $4.83bn Verizon Yahoo deal is go

Cookie concern

Whereas Yahoo blamed the September breach on hackers working on behalf of a government organisation, it currently had no more information as to the identify of the latest attack: “The company has not been able to identify the intrusion associated with the theft.”

Separately, the internet company is also concerned about the creation of “forged cookies”, which could allow hackers to access user accounts by the back door – bypassing password verification.

It has enlisted the help of forensic experts and has ascertained such issues are connected to the “state-sponsored actor” from the attack announced in September.

Related articles