Some five months after Yahoo disclosed a security breach that exposed sensitive data for 500 million accounts, some of its systems remained compromised, according to a report published Tuesday. The report said that, in light of the hacks, Verizon would knock $350 million off the price it would pay to acquire Yahoo’s Internet business.
“A recent meeting between technical staff of the two companies revealed that some of Yahoo’s systems were compromised and might be difficult to integrate with Verizon’s AOL unit,” The Wall Street Journal reported, citing unnamed people. Verizon remains concerned that the breaches may hamper user engagement and in the process make the assets less valuable. Yahoo responded by cutting $350 million from the original $4.83 billion price tag, bringing the deal value to about $4.48 billion. It wasn’t clear precisely when the meeting occurred.
Tuesday’s report comes a week after Yahoo sent a new round of notifications warning users that their accounts may have been breached as recently as last year. The disclosure caused concern because previously all the hacks were believed to have taken place in 2013 and 2014. The much more recent compromises were carried out by forging the browser cookies Yahoo servers set after a user logs in to an account. Once a computer has the authentication cookie, the user no longer has to enter a password to access the account. Yahoo first disclosed the cookie attack in October, but didn’t say how recently it had occurred.
Two months after Yahoo’s October bombshell about the 500 million compromised accounts, the company disclosed a new, previously undetected breach that affected 1 billion accounts. That breach occurred in 2013 and was found after a forensics investigation. Tuesday’s WSJ report that some of Yahoo’s systems remained compromised suggests just how broken the company’s security is.
Source: SANS ISC SecNewsFeed @ February 21, 2017 at 09:09AM