Toronto Star

SENATE CALLING

Yahoo asked to testify on security breaches that exposed data of three billion accounts,

- SCOTT MORITZ BLOOMBERG

Yahoo, the internet company acquired by Verizon Communicat­ions Inc. this year, now believes a 2013 security breach exposed all three billion of its users at the time.

The U.S. Senate commerce committee will call on Yahoo representa­tives to testify about the breaches, whether there are steps they should have taken earlier and whether there is more bad news to come, John Thune, the panel’s chairman, said Tuesday in a statement.

An assessment based on intelligen­ce obtained after the $4.5-billion (U.S.) acquisitio­n showed the number of accounts compromise­d was far higher than Yahoo’s initial estimate of one billion. The informatio­n stolen didn’t include passwords in clear text, payment data or bank ac- counts. Yahoo is notifying users.

Verizon, which is combining Yahoo with its AOL business to attract more internet advertisin­g, had negotiated a $350-million price cut on the deal after Yahoo disclosed the 2013 breach and a subsequent hack in 2014. Verizon and Altaba Inc., the former owner of the Yahoo internet assets Verizon acquired, agreed this year to split evenly the liability costs of lawsuits related to the breach. Altaba also has to cover any shareholde­r costs.

While the attacks exposed user accounts and threatened Yahoo’s trust with consumers, most people have already moved on, said Jan Dawson, an analyst at Jackdaw Capital.

“Certainly this makes the hack look worse than Verizon and the rest of us thought, but I don’t know that that materially changes the valuation of Yahoo as a company or the ongoing cost of dealing with the hack,” Dawson said.

The committee is also calling representa­tives of Equifax Inc., the con- sumer credit agency involved in a breach that compromise­d informatio­n on 145.5 million U.S. consumers.

Yahoo has said it wasn’t able to identify who was responsibl­e for the 2013 breach, though the U.S. government has accused Russia of directing the 2014 hack. The 2013 intrusion was discovered by Andrew Komarov, chief intelligen­ce officer for Info Armor, who had been tracking an Eastern European hacker group that he spotted offering one billion Yahoo accounts for $300,000 in a private sale.

By watching the group’s communicat­ions, he was able to determine that it sold the database three times. Two buyers were large spamming groups. The third purchaser provided a list of 10 names of U.S. and foreign government officials and business executives to verify that their logins were part of the database, Komarov said. The unusual request, Komarov said, indicated that the buyer might be linked to a foreign intelligen­ce agency.

?? ??
?? MARCIO JOSE SANCHEZ/THE ASSOCIATED PRESS FILE PHOTO ?? Verizon, which acquired Yahoo this year, negotiated a $350-million discount on the $4.5-billion sale.
MARCIO JOSE SANCHEZ/THE ASSOCIATED PRESS FILE PHOTO Verizon, which acquired Yahoo this year, negotiated a $350-million discount on the $4.5-billion sale.

Newspapers in English

Newspapers from Canada