Shortly after Verizon announced in July their purchase of Yahoo for slightly less than Yahoo paid for Broadcast.com, a series of alarming news articles came out notifying users of one data breach after another. In 2012, 200 million accounts were compromised; in 2013, a billion; and, in 2014, 500 million accounts were breached. In every case, Verizon said that they were unaware of these incidents until just before Yahoo disclosed them to the press and to users.
With three very high-profile incidents like these, the Verizon acquisition felt a little like it might collapse. However, earlier today, Bloomberg reported that the deal was finally ready to go through — for $250 million less than initially announced:
Verizon Communications Inc. is close to a renegotiated deal for Yahoo! Inc.’s internet properties that would reduce the price of the $4.8 billion agreement by about $250 million after the revelation of security breaches at the web company, according to people familiar with the matter.
In addition to the discount, Verizon and the entity that remains of Yahoo after the deal, to be renamed Altaba Inc., are expected to share any ongoing legal responsibilities related to the breaches, said the people, who asked not to be identified discussing private information. An announcement of the new agreement could come in a matter of days or weeks, said the people. The revised agreement isn’t final and could still change, they said.
Then, just a few hours after Bloomberg broke this news, the Associated Press reported yet another lapse in security:
Yahoo is warning users of potentially malicious activity on their accounts between 2015 and 2016, the latest development in the internet company’s investigation of a mega-breach that exposed 1 billion users’ data several years ago.
Yahoo confirmed Wednesday that it was notifying users that their accounts had potentially been compromised but declined to say how many people were affected.
There has now been a problem with Yahoo’s security every single year for the past five years. These incidents affect nearly two billion accounts cumulatively, thereby undermining the security of basically all of their users across the web.