Back at the beginning of August, we heard claims of a massive Yahoo data breach, with a hacker named Peace saying he made off with credentials for 200 million accounts. At the time, Yahoo said it was investigating those claims to figure out if they were actually true, but since then, we haven’t heard anything from the company about the supposed hack. That may all change quickly, as new reports are saying that Yahoo will soon confirm the data breach.
This report comes from Recode, which spoke to unnamed sources close to the matter. One of these sources told Recode that the extent of the hack was actually worse than initially reported, but didn’t comment on why that is. If that’s true, then this is bad news for Yahoo, because it’s hard to image a scenario getting much worse than a hacker making off with 200 million accounts and attempting to sell them online.
As Recode points out, this could have negative implications for Verizon‘s buyout of Yahoo, which was announced in July and is going to run the telecom giant a whopping $4.8 billion. That’s the fear, at least, with Yahoo investors possibly worried that this mess could cause Verizon to lower its buying price. After all, you don’t generally expect massive data breaches like this to come along as baggage when you make an acquisition.
How this will all shake out remains to be seen, but if that confirmation is indeed coming, one has to wonder a couple of things: why did it take Yahoo so long to confirm the breach, and why didn’t Yahoo call for a password reset at the first sign of trouble? Recode’s sources say that Yahoo may yet call for a password reset, but considering these credentials will have been out in the wild for nearly two months by the time that call is made, it may not actually help much.