CNN:-Just when you think Yahoo’s security issues can’t get any worse, the company proves you wrong.
Yahoo (Tech30) disclosed a new security breach on Wednesday that may have affected more than one billion accounts. The breach dates back to 2013 and is thought to be separate from a massive cybersecurity incident announced in September.,
The company will notify users who may be affected and has begun requiring users to change their passwords.
The security incident, likely one of the largest cybersecurity breaches ever, comes less than three months after Yahoo admitted data from at least 500 million accounts had been stolen.
That earlier breach, which Yahoo has attributed to a “state-sponsored actor,” is likely unrelated to the newly disclosed breach, according to the company.
The second cybersecurity breach raises more concerns about whether Yahoo took enough precautions. As one former employee told CNNMoney after the first breach was disclosed, “Security was pushed to the back end” behind “other priorities.”
The original breach was initially viewed as a threat to Verizon’s (Tech30) $4.8 billion deal to buy Yahoo, given the potential impact on Yahoo’s brand and user retention. Verizon learned about the breach after agreeing to the acquisition and later said it could have a meaningful financial impact on the deal.,
AOL CEO Tim Armstrong said earlier this month he was “cautiously optimistic” the deal would go through — but the second massive breach could change that.
“As we’ve said all along, we will continue to evaluate the situation as Yahoo continues its investigation,” Verizon said in a statement Wednesday. “We will review the impact of this new development before reaching any final conclusions.”
Yahoo’s stock fell 2.5% in after hours trading Wednesday following the disclosure.