In July 2016, the company disclosed the event stating that the 2013 attack on its network had affected one billion accounts. It was described as the biggest known breach of a company’s computer network. In October 2017, Yahoo's new owner Verizon discovered that 3 billion (not 1 billion) accounts had been compromised.
The unidentified 2013 hackers (said to be unconnected to those behind the company's 2014 hack) exfiltrated names, dates of birth, email addresses, security questions and answers and poorly protected passwords.
In March 2018 it was reported that the company agreed to pay $80 million to settle a federal securities class action lawsuit following the massive data breaches. The settlement included all those who purchased Yahoo securities on the open market between April 2013 and Dec 2016.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions