Described as the biggest known breach of a company’s computer network.
The company initially disclosed the event in 2016 stating that the 2013 attack on its network had affected one billion accounts. In October 2017, Yahoo's new owner Verizon discovered that 3 billion, not 1 billion, accounts had been compromised.
The unidentified 2013 hackers (said to be unconnected to those behind the company's 2014 hack) exfiltrated names, dates of birth, email addresses, security questions and answers and poorly protected passwords.
In March 2018 it was reported that the company agreed to pay $80 million to settle a federal securities class action lawsuit following the massive data breaches. The settlement includes all those who purchased Yahoo securities on the open market between April 2013 and Dec 2016.
If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.