Yahoo data breaches cut sale to Verizon by $350m

Verizon’s takeover of Yahoo has been confirmed, with the two firms agreeing to reduce the price of the deal by $350 million, to $4.48 billion.

Verizon Communications initially announced it had agreed to buy Yahoo in June 2016, but the deal was delayed after Yahoo disclosed two separate data breaches. The first, which occurred in late 2014, was at the time the biggest known security breach of a single company. Hackers obtained data from over 500 million user accounts, including account names, email addresses, telephone numbers, dates of birth, hashed passwords, and, in some cases, encrypted or unencrypted security questions and answers.

Three months later, Yahoo broke its own record when it announced that a separate breach – which occurred in 2013 – had affected 1 billion user accounts.

The decline and fall of Yahoo

Yahoo was a cornerstone of the early Internet, and less than ten years ago the company rejected a $44.6 billion takeover offer from Microsoft. So what went wrong?

Its news, media, and finance websites still attract over 6 billion views a month – this traffic is the primary attraction for Verizon – but a series of security embarrassments has devastated the company’s value and reputation.

Yahoo has been criticized for not doing enough to prevent data breaches. The company’s chief executive, Marissa Mayer, denied funding to Yahoo’s security team (officially known as ‘the Paranoids’) and, according to the New York Times, Ms. Mayer’s team rejected the simplest security measure of all: an automatic reset of user passwords following a breach.

Following the 2014 breach, Yahoo deemed that the risk of misuse was low and didn’t enact automatic password resets.

In February 2016, before the second breach was disclosed, Yahoo announced that it would lay off up to 15% of its 10,000 employees, paving the way for Verizon’s takeover. The deal was delayed as more information came to light and has now been finalized at $4.48 billion.

Protect your business by complying with ISO 27001

Not all organizations have proven to be quite as vulnerable as Yahoo, but ensuring the appropriate cybersecurity measures are in place is still crucial for all companies. For those looking to stay secure, an effective ISMS (information security management system) is vital.

ISO 27001 is the international standard that describes best practice for an ISMS. It provides a risk-based approach to information security that enables organizations of all sizes, sectors, and locations to mitigate the risks they face with appropriate controls.

Implementing an ISO 27001-compliant ISMS can be time-consuming and costly. That is why IT Governance offers a set of packaged solutions, which provide ISO 27001 tools and resources that are available 24/7, including books, toolkits, and online training.
