Yahoo is preparing to officially announce that it has suffered a serious data breach, according to Recode.
Citing unnamed sources close to the company, Recode reports that Yahoo will soon go public with the results of an internal investigation into a hack attack that first came to light in August when an individual began offering Yahoo user credentials dating from 2012 for sale online. The individual claimed he had access to the credentials of 200 million users, including names, dates of birth, and passwords. Now, Recode reports that its sources close to the matter say the claims were true, and perhaps even worse.
It’s an example of the security liabilities involved in storing sensitive user data. While new authentication security mechanisms like biometrics can theoretically offer greater protection for users, if their biometric data is stored on an external server, it could be subject to a hack attack like this one. That’s part of the reason organizations like the FIDO Alliance have advocated for storing user credentials on users’ own personal devices.
While Yahoo’s breach may cause anxiety for millions of users, it’s also a very serious matter for the company as it proceeds with a sale of its primary business to Verizon, the terms of which could be impacted by legal liabilities and regulatory interventions pertaining to the data breach.
September 22, 2016 – by Alex Perala