This announcement came at a time when Yahoo was deep into talks to be acquired by Verizon. That September announcement led to speculation about effects to the purchase price.
Well, truth is stranger than fiction, and Yahoo is back in the news again. Now on December 14, 2016 it appears that yet another breach has been discovered. This is different from the previous issues and seems to date from August 2013. This latest discovery affects... wait for it... one billion accounts! You'll recall that the 2014 breach discovered in Sept 2016 hit "only" half that many accounts!
So if we look at the timeline, Yahoo had major breaches in 2012, 2013 and 2014 with discoveries in 2015 and 2016! Good times. Here is the latest announcement from Yahoo as well as some articles covering the details.
This whole thing is a major issue (issues?) for a number of reasons, and it has to do with our dependence on email in our online world and Yahoo's role as major provider of free email.
- We all use email daily for wide variety of reasons. We have a need to trust email. Of course, using email has made our lives easier... Not!
- Spam and Phishing - when you receive a spam or phishing message from a "friend", you are more likely to click on the links. Similarly, having your account taken over endangers your friends and contacts.
- Password reuse - most people reuse passwords among internet sites because it's easier to remember fewer passwords
- Linked accounts - as a convenience, you can connect accounts together so that you can use multiple services with one login. This is most common with Facebook ("login with Facebook") but this is also available with Yahoo, Google and others.
- Password resets and other verifications - often, password reset info or alerts or warnings are sent to an email address you specify. If you specified your Yahoo account to receive these from your bank or other important site, and you account was compromised in any of the attacks we're discussing, the attackers could intercept this alert information.