IT Security: 500 million Yahoo accounts stolen could be the largest data breach ever

Share This

Rumors from last month might prove true as Yahoo is expected to announce officially that they’ve been breached.

Yahoo has now confirmed the breach in a press release, and the number of stolen user accounts is much higher than expected — 500 million in total. The company noted that this does not involve credit card information.

Being massive in size also presents a problem: You become a bigger target.

Yahoo is an iconic brand, one that ranks up there with Google in terms of instant name recognition. Hundreds of millions of people have Yahoo email accounts, use the Yahoo search engine by default in their browser, and check Yahoo for a daily news update.

As several outlets are reporting today, a hacker may have stolen as many as 200 million user accounts, possibly many more, and is selling them online with passwords and date of birth. If true, this would rank as one of the most extensive breaches in recent memory. Yahoo is expected to officially announce the breach this week.

It’s particularly heinous, though. Yahoo has been spinning out of control lately, but the one mainstay — the reason Verizon is paying $4.8B for their primary internet business — is that there are millions of people who rely on the service every day. There are precious few “sticky” services these days at a massive scale, the ones that are not a passing fad or a messaging app designed mostly for millennials. To be truly sticky, a service has to be non-optional. You don’t just have an account at Yahoo, you use it for your email, for posting a blog on Tumblr, for every web search. You’re hooked in, attached to the company in an almost inextricable way.

This has always been why Google dominates so much. There’s a subtle shift from hype and awe, then massive interest, and eventually what is essentially more like a utility. The one differentiating characteristic of Yahoo (and a few other brands like Yahoo and Amazon) is that there aren’t just a few million paying customers, there are hundreds of millions. That’s why a breach of this nature is so important: The Verizon acquisition is dependent on shareholder and regulatory approval.

It’s also noteworthy that the breach started as a rumor, that a hacker named Peace was offering the usernames and passwords on the dark web. What’s significant now is that, if Yahoo does confirm the security breach, it opens up new questions about Yahoo security practices, their technical prowess, and even the ability of CEO Marissa Mayer to lead through a crisis.

The timing could not be worse. Mayer is already a high-profile figure who has made several high-profile mistakes, namely (in my opinion) in failing to generate any buzz about new innovations. Yahoo is still a banner-happy, advertising hungry engine quivering in the Google shadow. While Google is creating autonomous car tech and making indispensable apps for the Android OS they invented, Yahoo has stayed content with the same basic services, rarely creating any “must download” apps and relying only on past accomplishments and acquisitions.

It might not be another nail in the coffin. It is certainly a sign that Yahoo has become a company that is mainly a collection of user accounts. Now that those accounts are in jeopardy, as the reports seem to indicate, it creates yet another dark shadow.