Cyber Security

Just How Much Bigger Was This Yahoo Hack Than Any That Came Before?

Yahoo already took the prize for biggest data breach. Now it's beaten its own record.

Cyber Security
Photo Illustration: Diana Quach
Dec 15, 2016 at 5:27 PM ET

Internet giant Yahoo has broken its own record for largest number of customers who were secretly hacked.

Now, the biggest breach known to the public isn’t when hackers breached Yahoo at the end of 2014, acquiring the email addresses, phone numbers, and birth dates of 500,000 million users. The record now belongs to a newly discovered but earlier hack, from 2013, that breached that same type of information — this time, of a billion users.

Yahoo has claimed that both hacks were perpetrated by state-sponsored actors, though InfoArmor, a security firm that acquired some of the hacked accounts from the 2014 breach before news of the hack was made public, concluded it was simply the work of rogue online criminals.

InfoArmor also disputed Yahoo’s assertion, which it also made after each of the two megabreaches were made public, that the passwords had been “hashed,” meaning they would be scrambled in a way to appear nonsensical to an unauthorized viewer. InfoArmor, however, said that it was able to figure out several of the passwords from the 2014 beach.

Yahoo’s two major breaches are substantially larger than the other biggest ones ever made public, all of which occurred in recent years and were first revealed sometime in 2016. The FriendFinder Network, a series of hookup-themed social networks including Adult FriendFinder, comes in third with 412,214,295 exposed accounts, and the classic, largely deserted MySpace social network comes in fourth with 359,420,698.

It’s yet to be seen how badly this breach will affect Verizon’s ongoing deal to acquire Yahoo. When the 2014 breach was announced, in September, Verizon reportedly tried to get the price dropped from $4.8 to about $3.8 billion.