FILE - In this June 5, 2014, file photo, people walk in front of a Yahoo sign at the company's headquarters in Sunnyvale, Calif. Yahoo says the personal information of 500 million accounts have been stolen in a massive security breakdown that represents the latest setback for the beleaguered internet company. The breach disclosed on Thursday, Sept. 22, 2016, dates back to late 2014. Yahoo is blaming the hack on a “state-sponsored actor.” (AP Photo/Marcio Jose Sanchez, File)
FILE
– In this June 5, 2014, file photo, people walk in front of a
Yahoo sign at the company’s headquarters in Sunnyvale, Calif.
Yahoo says the personal information of 500 million accounts have
been stolen in a massive security breakdown that represents the
latest setback for the beleaguered internet company. The breach
disclosed on Thursday, Sept. 22, 2016, dates back to late 2014.
Yahoo is blaming the hack on a “state-sponsored actor.” (AP
Photo/Marcio Jose Sanchez, File)


syndication.ap.org


SAN FRANCISCO (AP) — Yahoo has been struggling for years to keep
people coming back to its digital services such as email. That
challenge just got more daunting after hackers stole sensitive
information from at least 500 million accounts.

The startling breach disclosed Thursday is believed to be the
largest to hit a single email provider. The security breakdown
risks magnifying Yahoo’s preexisting problems — specifically,
that it is losing users, traffic and the advertising revenue that
follows both, to rivals such as Google and Facebook.

Some snarky online commentators quipped that the hack would have
been far more devastating if people actually still used the
company’s services. While there’s some truth to that observation,
millions around the world still rely on Yahoo mail and other
services, and are now potentially at risk of identity theft or
worse.

LOSING USERS

And if these people give up on Yahoo as a result, the
consequences for the company itself — now scheduled to become
part of Verizon as soon as its $4.8 billion deal closes — could
also be dire. “Yahoo may very well be facing an existential
crisis,” said Corey Williams, senior director of products and
marketing at the computer security firm Centrify.

Yahoo was already facing a steep decline in email traffic,
despite CEO Marissa Mayer’s efforts to upgrade the service in
order to foster more user loyalty. In July, 161 million people
worldwide used Yahoo email on personal computers, a 30 percent
decline from the same time in 2014, when the breach first
occurred. That’s according to the latest data from the research
firm comScore. By contrast, Google’s rival Gmail service saw
desktop users rise 9 percent to nearly 429 million over the same
period.

The email breach raises questions about Yahoo’s ability to
maintain secure and effective services, particularly since it’s
been laying off staff and trimming expenses to counter a steep
drop in revenue over the past eight years.

At the time of the break-in, Yahoo’s security team was led by
Alex Stamos, a respected industry executive who left last year to
take a similar job at Facebook.

ONCE MORE UNTO THE BREACH

Yahoo didn’t explain what took so long to uncover a heist that it
blamed on a “state-sponsored actor” — parlance for a hacker
working on behalf of a foreign government.

The Sunnyvale, California, company declined to explain how it
reached its conclusions about the attack for security reasons,
but said it is working with the FBI and other law enforcement.
Yahoo began investigating a possible breach in July, around the
time the tech site Motherboard reported that a hacker who uses
the name “Peace” was trying to sell account information belonging
to 200 million Yahoo users.

Yahoo didn’t find evidence of that reported hack, but additional
digging later uncovered a far larger, allegedly state-sponsored
attack.

“We take these types of breaches very seriously and will
determine how this occurred and who is responsible,” the FBI said
in a Thursday statement.

MOST ACCOUNTS EVER STOLEN

The Yahoo theft represents the most accounts ever stolen from a
single email provider, according to computer security analyst
Avivah Litan with the technology research firm Gartner Inc.

“It’s a shocking number,” Litan said. “This is a pretty big deal
that is probably going to cost them tens of millions of dollars.
Regulators and lawyers are going to have a field day with this
one.”

Yahoo says it has more than 1 billion monthly users, although it
hasn’t disclosed how many of those people have email accounts.

The data stolen from Yahoo includes users’ names, email
addresses, telephone numbers, birth dates, scrambled passwords,
and the security questions — and answers — used to verify an
accountholder’s identity. The company said the attacker didn’t
get any information about its users’ bank accounts or credit and
debit cards.

Security experts say the Yahoo theft could hurt the affected
users if their personal information is mined to break into other
online services or used for identity theft. All affected users
will be notified about the theft and advised how to protect
themselves, according to the company.

Yahoo also is recommending that all users change their passwords
if they haven’t done so since 2014. If the same password is used
to access other sites, it should be changed too, as should any
security questions similar to those used on Yahoo.

THE VERIZON IMPACT

News of the security lapse could cause some people to have second
thoughts about relying on Yahoo’s services, raising a prickly
issue for the company as it tries to sell its digital operations
to Verizon.

That deal, announced two months ago, isn’t supposed to close
until early next year. That leaves Verizon with wiggle room to
renegotiate the purchase price or even back out if it believes
the security breach will harm Yahoo’s business. That could happen
if users shun Yahoo or file lawsuits because they’re incensed by
the theft of their personal information.

Verizon said it still doesn’t know enough about the Yahoo
break-in to assess the potential consequences. “We will evaluate
as the investigation continues through the lens of overall
Verizon interests, including consumers, customers, shareholders
and related communities,” the company said in a statement.

DELAY OF SALE?

At the very least, Verizon is going to need more time to assess
what it will be getting into if it proceeds with its plans to
take over Yahoo, said Scott Vernick, an attorney specializing in
data security for the law firm Fox Rothschild.

“This is going to slow things down. There is going to be a lot of
blood, sweat and tears shed on this” Vernick said. “A buyer needs
to understand the cybersecurity strengths and weaknesses of its
target these days.”