Yahoo is taking flak over its new breach disclosure
- Yahoo came under fire from a number of groups following Wednesday’s disclosure of a second data breach affecting more than one billion user accounts. Verizon, which previously signed a deal to buy Yahoo for $4.85 billion, is reportedly looking for a big discount if it chooses to go through with the deal at all.
- On Thursday, Germany’s cybersecurity authority, the Federal Office for Information Security (BSI), criticized Yahoo for using the MD5 hash function to encrypt passwords, a technology BSI says is widely considered obsolete and unsafe, and advised German consumers to switch to safer providers.
- In the U.S., the FBI announced it will investigate the breach. Bloomberg reported that some of the victims included employees from the FBI, CIA, NSA and White House.
Yahoo’s reputation and credibility are both in big trouble, and things could still get worse.
Legislators are calling for SEC investigations into how the company handled the disclosure of the original hack revealed in September. But now the second hack is far larger than the first, revealing deep security vulnerabilities that point to Yahoo being negligent in its cybersecurity posture.
If any evidence is found that suggests Yahoo knew about the hacks prior to signing the deal with Verizon, the deal could be killed all together, and more lawsuits could follow. As it stands, Verizon reportedly wants at least a $1 billion discount.