Verizon is playing hard ball with Yahoo after hack

Verizon didn’t know about massive data breach when it agreed to buy Yahoo for $5 billion.

Verizon is playing hard ball with Yahoo after hack

Verizon could reduce the price it will pay to acquire Yahoo, or walk away from the deal completely.

That could happen if Verizon cannot be reassured that the consequences of Yahoo's massive data breach hasn't had a material impact on the troubled search engine's business, reports BBC News:

A legal representative for Verizon, Craig Silliman, told reporters: "I think we have a reasonable basis to believe right now that the impact is material and we're looking to Yahoo to demonstrate to us the full impact. If they believe that it's not then they'll need to show us that."

He added that Verizon was "absolutely evaluating [the breach] and will make determinations about whether and how to move forward with the deal based on our evaluation of the materiality".

A clause in the agreement of the takeover purchase states that Verizon can withdraw if an event "reasonably can be expected to have a material adverse effect on the business".

You can't really blame Verizon. If they're going to spend close to $5 billion buying Yahoo, they're going to want to be sure that there aren't any nasty surprises still waiting to be unearthed.

For those of you haven't been following the story, here's a quick catch-up:

Yahoo, data breaches and security snafus

May 2013:

200 million users of Yahoo Japan are advised to change their passwords, after hackers allegedly accessed a database of 22 million Yahoo Japan email addresses.

Sept 2013:

Marissa Mayer, CEO of Yahoo, says that she doesn't have a passcode on her smartphone.

A security firm wins a paltry $12 Yahoo t-shirt as a reward, after reporting a vulnerability to Yahoo that could have allowed a hacker to hijack any Yahoo user's account.

Late 2014:

Hackers break into Yahoo's systems and steal over 500 million users' credentials, including names, email addresses, telephone numbers, dates of birth, hashed passwords and security questions and answers. The hack is not discovered by Yahoo for almost two years.

June 2015:

Alex Stamos, a respected member of the computer security industry, quits his job as head of security at Yahoo to join Facebook.

According to some sources, Stamos left Yahoo after the company did not consult with the security team before giving in to a US government request to scan every incoming email with snooping code that itself could have been exploited by a hacker.

May 2016:

US Congress blocks all emails coming from Yahoo, after being hit by a wave of ransomware attacks from compromised Yahoo accounts.

Jul 2016:

Telecoms giant Verizon announces it is acquiring Yahoo for almost $5 billion in cash.

Aug 2016:

A hacker offers for sale on the dark web what he claims are 200 million stolen Yahoo credentials. Yahoo begins to investigate whether it might have suffered a data breach.

Sept 2016:

Yahoo confirms it suffered a massive hack in 2014 that saw attackers steal details of 500 million accounts. The hack also impacts users of BT Yahoo, Sky and other services.

Yahoo users are advised to change their passwords, if they have not changed them since late 2014.

Yahoo claims the attack was "state-sponsored", although some observers pour cold water on the theory.

It is revealed that Yahoo rejected the option of resetting users' passwords two years ago as a site-wide security measure.

Yahoo is sued for the 2014 hack.

Oct 2016:

Yahoo is accused of making it harder for users to leave the service, after taking away the option of auto-forwarding email to external accounts.

Verizon says that the hack could impact its acquisition of Yahoo.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

One Response

  1. Paul

    October 17, 2016 at 10:34 am #

    After the slack attitude to customer security and deliberate allowing of vulnerability to avoid losing users prior to the sell-off, the directors of Yahoo deserve nothing other than to receive a far lesser value for their poorly-run company. It is worth less due to their actions. They hoped to deceive and cash in. Fail.

Leave a Reply