'One billion' affected by Yahoo hack

From the BBC, an article about problems at Yahoo!:

Yahoo! has said more than a billion user accounts may have been affected in a hacking attack dating back to 2013.
The internet giant said it appeared separate from a 2014 breach disclosed in September of 2016, when Yahoo! revealed a half million accounts had been accessed.
Yahoo! said names, phone numbers, passwords, and email addresses were stolen, but not bank and payment data.
The company, which is being taken over by Verizon, said it was working closely with the police and authorities.
Yahoo! said it "believes an unauthorized third party, in August of 2013, stole data associated with more than one billion user accounts". The breach "is likely distinct from the incident the company disclosed on 22 September 2016".
However, the three-year-old hack was uncovered as part of continuing investigations by authorities and security experts into the 2014 breach, Yahoo said.
Account users were urged to change their passwords and security questions.
The California-based company has more than a billion monthly active users, although many people have multiple accounts. There are also many accounts that are little-used or dormant.
Cyber security expert Troy Hunt told the BBC that "this would be far and away the largest data breach we've ever seen. In fact, the half million they reported a few months ago would have been, and to see that number now double is unprecedented."
Yahoo! said some of the breach could be linked to state-sponsored activity, as with the previous attack.
Professor Peter Sommer, a specialist in digital forensics at Birmingham City University, told the BBC he could be persuaded it was a state-sponsored hack, "but at the moment I'm not. What on earth is a state going to do with one billion accounts of ordinary users? That's the difficulty I have," he said.
In September of 2016, when Yahoo! disclosed the 2014 data breach, the company said information had been "stolen by what we believe is a state-sponsored actor", but it did not say which country it held responsible.
The latest disclosure raises fresh questions about Verizon's five-billion-dollar proposed acquisition of Yahoo!, and whether the US mobile carrier will try to modify or abandon its bid. If the hacks cause a user backlash against Yahoo!, the company's services would not be as valuable to Verizon.

Yahoo! chief executive Marissa Mayer (photo) is negotiating the sale of Yahoo!'s core business to Verizon. Verizon said that it would evaluate the situation as Yahoo! investigates, and would review the "new development before reaching any final conclusions".
Hunt said that Verizon allegedly cut its valuation of Yahoo! by a billion dollars, or almost twenty percent of the original bid's value, after the news emerged of the 2014 attack. The latest revelations "will surely impact that valuation even further, not just because of the scale of it, but because it shows a pattern of serious failures on Yahoo!'s behalf", he said.
It is a further embarrassment to a company that was once one of the biggest names of the Internet, but which has failed to keep up with rising stars such as Google and Facebook.
Yahoo! was once deemed to be worth over a hundred billion dollars during the dotcom boom. Various attempts to revive its fortunes have failed to stem its decline. 

Analysis by Dave Lee, North American technology reporter:
Good grief, can things get any worse for Yahoo!? A complete disaster. Embarrassing. Negligent?
We've come to accept that even the best systems get attacked by cyber criminals. But repeatedly? And in such great numbers? Something was seriously, seriously wrong.
Looking to the future, this is yet more concern for Verizon, which agreed to buy Yahoo! before all of these disasters were made public. It wanted the company because of its huge user-base and advertising reach. How many of those users are going to stick around when this kind of thing is going on? What's in it for them?
There's talk of a discount on the five billion dollars that Verizon agreed to pay out. It's a game of how-low-can-you-go in the New Year, you'd think.

Rico says he never liked Yahoo! anyway...