Pressure is growing on Yahoo boss Marissa Mayer to come clean over whether she knew the firm was investigating a serious data breach as far back as July, but withheld the information from investors and regulators.
Late last week, it was revealed that the 200 million-strong breach the company said it was looking into in August was in fact far worse, when it admitted that the personal details of over 500 million users had been compromised.
Some 8 million email accounts in Britain, including those of BT Broadband and Sky customers, may have been hit by the breach – which is the largest ever recorded in history.
The cyber attack came to light while the company was investigating a separate claim by a hacker, known as Peace, that 200 million users’ details had been stolen during the summer.
An industry source told The Mirror: “Marissa was aware absolutely – she was involved when Peace surfaced this allegation in July.”
Commenting on this data breach, Joe Hancock, Cyber Security Lead at Mishcon de Reya, said: “This has gone seemingly undetected for over 18 months. 200 million records have been offered for sale since August, and may have come from a previous data breach. Yahoo has moved quite slowly to confirm the breach and to put protective options in place, although the sheer scale of data lost is hard to comprehend.”
“The release is likely to increase the use of the stolen credentials for other online services, or where a similar password has been used. The fact that security questions and answers were lost is also concerning, as they are often common to many services – it’s hard to remember to change your mother’s maiden name or first pet. There are likely to be more historical breaches coming to light in this manner, although they may not be attached to such a large brand.”
He, too, believes the issue may affect its upcoming sale to Verizon. Hancock added: “After the 2013 data breach at Target, legal claims ran to millions of dollars and continued for several years. In the case of TalkTalk, the share price fell by 11.5%, before recovering. Breaches like this hit a business’ balance sheet.”
Yahoo fesses up to largest data breach in history
Personal data on 200m Yahoo users up for grabs
Three held at TalkTalk call centre for data theft
TalkTalk chief hits back: we’re just the punchball
Man jailed for 5 years for gold-fingered hack attack
Porn lovers are exposed as Brazzers site suffers leak
Business ‘not up to job of protecting consumer data’