Yahoo executives announced that Yahoo was breached by hackers and exposed information of more than 10 million of its users. This latest breach shows the fight against data breaches still continues and major industry leaders have still not implemented the right measures to prevent hacks.
Yahoo was aware of the possibility of a breach in August, when a hacker attempted to sell usernames, passwords, and dates of birth of yahoo account users on the internet black market. The hacker was selling the date for three bitcoin, or $1,860.
The breach comes as Yahoo works to finalize a $4.8 billion sale to Verizon. The new owners of the online giant, could face concerned shareholders and a drop in its stock prices. While Yahoo announced the breach, they are expected to provide details on the data breached that affected its users. The tech giant is expected to force users to reset their passwords.
This comes as Chief Executive Officer Marissa Meyer is set to earn more than $44 million, if she leaves the company, when the deal is official. Meyer has been unsuccessful in reviving Yahoo and has failed to launch any groundbreaking products.
Yahoo is concerned that this data breach could cost them the Verizon deal, when investigators begin to look into this recent breach. Yahoo previously encountered a breach by hackers in 204, when Yahoo Mail was compromised forced thousands of users to reset their passwords.
American consumers have grown even more concerned as major companies are continually being attacked. In recent past, major retailers such as Target and Home Depot discovered they were hacked and that cost them millions in penalties and sales. Data breaches have appeared to become an everyday occurrence and are not properly being stopped by law enforcement and companies that are affected by them.
Gartner analyst Avivah Litan said that even though a breach had not been confirmed, all users should assume their credentials were stolen and change their passwords. Stolen passwords are valuable to cyber criminals, she said, because consumers often reuse passwords. Criminals use stolen credentials for so-called “credential stuffing” attacks, which Litan said have surged over the past 18 months.
In such attacks, criminals use automated programs to cycle through stolen user IDs and passwords and log into personal accounts on sites such as banks, travel firms and online gaming firms. While the average success rate is only 1 to 2 percent, consumers stand to lose money, credit card data, frequent flyer points and cash stored on merchant wallets, she said.