It's business as usual at Yahoo, with another massive account breach that impacts over one billion users. The first massive (but smaller in scale--"only" 500 million) breach was disclosed in September, but surprisingly, the latest breach actually occurred in 2013.
And we're being told now? Really?
I suppose it makes sense for Marissa Mayer, the CEO who stepped into her role in July 2012. That would be bad PR for her too.
Where does a company go from here?
Needless to say, the breach might make the future of the company uncertain. Earlier this year, Verizon announced plans to acquire Yahoo for $4.8 billion. Can you hear me now, Verizon? Is that still the case? Was the breach disclosed to the Verizon board at the time, or are we all finding out at the same time?
Verizon execs likely are just as shell-shocked as we are. Already on the heels of the earlier disclosed hack in September, Verizon requested a $1 billion discount. Do we expect them to double their request this time around? We might argue that yes, they will. Maybe they'll make it easy and round it up to a $2 billion sale.
(Funny how ten years ago, Yahoo could've almost bought Facebook for $1 billion. With all of Yahoo's properties to date, this is chump change.)
A severe breach
Barring talks about acquisitions, this is a more concerning breach because not only were passwords stolen, but so were names, phone numbers, and email addresses--plus, perhaps more importantly, unencrypted security questions. Forget your passwords, your security questions will now need to be changed everywhere.
On the plus side, does anyone want a job on the Yahoo security team?