Technology giant Yahoo is preparing to confirm a massive data breach that it suffered in 2012, an incident that exposed several hundred million user accounts according to the hacker selling the breached data.
Yahoo will soon confirm what users and the cybersecurity world has known for a while now. The company will confirm data breach, so massive that it is likely to figure among the biggest on record.
Recode has cited a source close to the situation that the hacking incident has effected several hundred million accounts. While not being specific about the extent of the breach, “they noted that it is widespread and serious.”
Yahoo is likely to see government investigations and legal action in relation to the breach. In August, Motherboard broke the news of a cybercriminal named “Peace” who was selling credentials of 200 million Yahoo users from a 2012 breach. The data was put up for sale on the dark web in an underground marketplace, for just over $1,800. The data included user details including their easily decrypted passwords, usernames and birthdays along with other personal information.
Soon after the news broke, Yahoo said it was “aware of the claim” but did not reveal any other information including confirming or denying the claim. The tech giant did not issue a mandatory password reset to users, either. Sources for Recode say that while the company might have to now, “it may be a case of too little, too late.”
Recode’s source says that the estimate of 200 million affected user accounts isn’t far off.
“It’s as bad as that,” said one Recode source. “Worse, really.”
The announcement is expected to occur sometime this week at a time when Yahoo’s core business is in the midst of $4.8 billion sale to Verizon. Incidentally, it’s core business is also at the core of this hack and it is yet unknown if Yahoo’s admittance of the breach would have any implications on its impending sale.
Image credit: Pixabay.