Verizon is playing hard ball with Yahoo after hack

Verizon didn’t know about massive data breach when it agreed to buy Yahoo for $5 billion.

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Verizon is playing hard ball with Yahoo after hack

Verizon could reduce the price it will pay to acquire Yahoo, or walk away from the deal completely.

That could happen if Verizon cannot be reassured that the consequences of Yahoo’s massive data breach hasn’t had a material impact on the troubled search engine’s business, reports BBC News:

A legal representative for Verizon, Craig Silliman, told reporters: “I think we have a reasonable basis to believe right now that the impact is material and we’re looking to Yahoo to demonstrate to us the full impact. If they believe that it’s not then they’ll need to show us that.”

He added that Verizon was “absolutely evaluating [the breach] and will make determinations about whether and how to move forward with the deal based on our evaluation of the materiality”.

A clause in the agreement of the takeover purchase states that Verizon can withdraw if an event “reasonably can be expected to have a material adverse effect on the business”.

You can’t really blame Verizon. If they’re going to spend close to $5 billion buying Yahoo, they’re going to want to be sure that there aren’t any nasty surprises still waiting to be unearthed.

Sign up to our free newsletter.
Security news, advice, and tips.

For those of you haven’t been following the story, here’s a quick catch-up:

Yahoo, data breaches and security snafus

May 2013:

200 million users of Yahoo Japan are advised to change their passwords, after hackers allegedly accessed a database of 22 million Yahoo Japan email addresses.

Sept 2013:

Marissa Mayer, CEO of Yahoo, says that she doesn’t have a passcode on her smartphone.

A security firm wins a paltry $12 Yahoo t-shirt as a reward, after reporting a vulnerability to Yahoo that could have allowed a hacker to hijack any Yahoo user’s account.

Late 2014:

Hackers break into Yahoo’s systems and steal over 500 million users’ credentials, including names, email addresses, telephone numbers, dates of birth, hashed passwords and security questions and answers. The hack is not discovered by Yahoo for almost two years.

June 2015:

Alex Stamos, a respected member of the computer security industry, quits his job as head of security at Yahoo to join Facebook.

According to some sources, Stamos left Yahoo after the company did not consult with the security team before giving in to a US government request to scan every incoming email with snooping code that itself could have been exploited by a hacker.

May 2016:

US Congress blocks all emails coming from Yahoo, after being hit by a wave of ransomware attacks from compromised Yahoo accounts.

Jul 2016:

Telecoms giant Verizon announces it is acquiring Yahoo for almost $5 billion in cash.

Aug 2016:

A hacker offers for sale on the dark web what he claims are 200 million stolen Yahoo credentials. Yahoo begins to investigate whether it might have suffered a data breach.

Sept 2016:

Yahoo confirms it suffered a massive hack in 2014 that saw attackers steal details of 500 million accounts. The hack also impacts users of BT Yahoo, Sky and other services.

Yahoo users are advised to change their passwords, if they have not changed them since late 2014.

Yahoo claims the attack was “state-sponsored”, although some observers pour cold water on the theory.

It is revealed that Yahoo rejected the option of resetting users’ passwords two years ago as a site-wide security measure.

Yahoo is sued for the 2014 hack.

Oct 2016:

Yahoo is accused of making it harder for users to leave the service, after taking away the option of auto-forwarding email to external accounts.

Verizon says that the hack could impact its acquisition of Yahoo.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Verizon is playing hard ball with Yahoo after hack”

  1. Paul

    After the slack attitude to customer security and deliberate allowing of vulnerability to avoid losing users prior to the sell-off, the directors of Yahoo deserve nothing other than to receive a far lesser value for their poorly-run company. It is worth less due to their actions. They hoped to deceive and cash in. Fail.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.