LLMpediaThe first transparent, open encyclopedia generated by LLMs

Yahoo data breaches

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: EC-Council Hop 5
Expansion Funnel Raw 55 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted55
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Yahoo data breaches
NameYahoo data breaches
Date2013–2014 (disclosed 2016–2017)
TypeData breach
Affected~3 billion accounts (cumulative claims)
PerpetratorsState-sponsored actors and criminal groups (attributed)
OutcomeLawsuits, regulatory fines, lost acquisition value, security reforms

Yahoo data breaches were a series of large-scale cybersecurity incidents disclosed by Yahoo! in 2016 and 2017 that affected hundreds of millions to billions of user accounts. The disclosures prompted investigations by entities including the United States Department of Justice, congressional committees such as the United States Senate Committee on Commerce, Science, and Transportation, and private litigants, and had material effects on corporate transactions involving Verizon Communications and executive leadership changes at Yahoo! and parent company Altaba. The episodes intersected with international actors, notable cybersecurity investigations, and major shifts in corporate cybersecurity practice.

Background

Yahoo! was founded by Jerry Yang and David Filo and grew into an internet portal and web services company competing with Google LLC, Microsoft Corporation, and AOL. By the early 2010s Yahoo! offered services including Yahoo Mail, Flickr, Yahoo Finance, and advertising operations that connected it to companies like Verizon Communications and Alibaba Group. Corporate governance changes involved executives such as Marissa Mayer and board members from firms like Sequoia Capital and Tiger Management. The company was subject to industry trends exemplified by incidents at Target Corporation and Sony Pictures Entertainment, and regulatory frameworks including the Securities and Exchange Commission reporting requirements and state data breach notification laws such as those in California and New York (state).

2013 and 2014 Breaches

In 2016 Yahoo! announced that a 2014 incident had compromised at least 500 million accounts; in 2017 it disclosed a separate 2013 intrusion affecting over one billion accounts and later stated the total impact could be approximately three billion accounts. Affected services included Yahoo Mail and account systems used by partners such as AOL. Reported compromised data types included names, email addresses, telephone numbers, dates of birth, hashed passwords, and security questions and answers; these aspects are analogous to compromises seen in breaches at Equifax, LinkedIn, and MySpace. Reporting involved outlets such as The Wall Street Journal, The New York Times, and Reuters and prompted scrutiny from investigators including the Federal Bureau of Investigation and state attorneys general like the California Attorney General.

Investigation and Attribution

Investigations combined internal forensics, third-party cybersecurity firms such as FireEye and Kaspersky Lab, and law enforcement agencies including the FBI and international partners. Attribution efforts pointed to both criminal groups and state-sponsored actors; U.S. authorities later charged individuals linked to actors associated with Russian military intelligence (the GRU) and actors tied to Cybersecurity and Infrastructure Security Agency concerns. The difficulty of attribution echoed debates surrounding intrusions like the Sony Pictures Entertainment hack and alleged operations such as Fancy Bear. Congressional hearings involved testimony from executives of companies such as Yahoo!, Verizon Communications, and security vendors like Symantec.

Impact and Consequences

The breaches affected user privacy and consumer confidence and had direct commercial consequences. The announced incidents reduced the purchase price paid by Verizon Communications in its acquisition of Yahoo! by approximately $350 million and contributed to the spin-off of Altaba Inc. Legal exposure included shareholder derivative suits, class actions by users, and inquiries by the Securities and Exchange Commission. The breaches influenced corporate messaging at technology companies such as Facebook, Twitter, and Microsoft Corporation, and informed security policies at cloud providers including Amazon Web Services and identity providers like Okta.

Litigation included consolidated class actions in federal courts involving firms of counsel related to Jones Day and Skadden, Arps, Slate, Meagher & Flom-linked matters; outcomes involved multi-million-dollar settlement agreements and statutory damages frameworks under state consumer protection laws such as the California Consumer Privacy Act precursors. Regulators including the SEC and state attorneys general examined disclosure practices and incident response. The breaches contributed to legislative and regulatory discourse that later touched on reforms such as proposed amendments to the Fair Credit Reporting Act in the wake of other breaches like Equifax, and influenced enforcement priorities at agencies like the Federal Trade Commission.

Company Response and Security Reforms

Yahoo! undertook remediation measures including mandatory password resets, invalidation of unencrypted security questions and answers, and the deployment of stronger cryptographic hashing algorithms. Security reforms involved expanding incident response teams, hiring external firms such as Mandiant for forensics, and rearchitecting account security systems in line with practices promoted by standards bodies like the Internet Engineering Task Force and authentication frameworks from OAuth and OpenID Foundation adopters. Leadership changes included departures by executives and board reevaluations; the corporate outcome intertwined with the acquisition by Verizon Communications and the management of remaining assets under Altaba.

Category:Data breaches Category:Yahoo!