Yahoo breach means hackers had three years to abuse user accounts
Security researchers are disturbed it took Yahoo three years to discover that details of over 1 billion user accounts had been stolen back in 2013.
It means that someone — possibly a state-sponsored actor — had access to one of the largest email user bases in the world, without anyone knowing. The stolen database may have even included information on email ids of U.S. government and military employees.
“It is extremely alarming that Yahoo didn’t know about this,” said Alex Holden, chief information security officer with Hold Security.
Yahoo said back in November it first learned about the breach when law enforcement began sharing with the company stolen data that had been provided by a hacker. At the time, the company was already dealing with a separate data breach, reported in September, involving 500 million user accounts.