Yahoo Inc shares fell more than 5 percent on Thursday after the technology company disclosed a second massive data breach that raised fears Verizon might kill a deal to buy its core internet business.
Continue Reading Below
Silicon Valley-based Yahoo said late on Wednesday that it had uncovered a 2013 cyber attack that compromised data of more than 1 billion user accounts, the largest breach in history.
That followed Yahoo's disclosure in September of a separate breach that affected over 500 million accounts, which the company said it believed was launched by different hackers.
Yahoo shares were down 5.2 percent at $38.79 in midday trade as the latest disclosure cast new doubt on whether Verizon Communications Inc would proceed with a $4.83 billion agreement to buy Yahoo's core internet business, struck in July.
It was their biggest one-day drop since Jan. 7, when they fell 6.2 percent.
Verizon is now seeking to persuade Yahoo to amend the terms of the acquisition agreement to reflect the economic impact of the data breaches, according to people familiar with the matter.
Continue Reading Below
The telecommunications giant has threatened to go to court to get out of the deal, citing a material adverse effect if the deal is not repriced, said the sources, who asked not to be identified because the negotiations are confidential.
Verizon still expects to go through with the deal, but is looking for "major concessions" in light of the most recent breach, according to another source familiar with the situation, who wished to remain anonymous because they are not permitted to speak to the media. The person did not know what kind of concessions Verizon is pushing for.
Verizon had already said in October it was reviewing the deal after September's breach disclosure. Late on Wednesday, it said it would "review the impact of this new development before reaching any final conclusions" about whether to proceed.
The company declined to comment beyond that statement on Thursday.
Verizon shares rose 0.7 percent to $52.03, in line with the S&P 500 Index.
The latest breach has drawn widespread criticism of Yahoo from security experts, several of whom have advised consumers to close their Yahoo accounts.
"Yahoo has fallen down on security in so many ways I have to recommend that if you have an active Yahoo email account, either direct with Yahoo of via a partner like AT&T, get rid of it," Stu Sjouwerman, chief executive of cyber security firm KnowBe4 Inc, said in a broadly distributed email.
Germany's cyber security authority, the Federal Office for Information Security (BSI), advised German consumers to consider switching to safer alternatives for email, and criticized Yahoo for failing to adopt modern encryption techniques to protect users' personal data.
"Considering the repeated cases of data theft, users should look more closely at which services they want to use in the future and security should play a part in that decision," BSI President Arne Schoenbohm said in a statement.
CONGRESS TAKES INTEREST
Meanwhile, Democratic Senator Mark Warner of Virginia said he was looking into Yahoo's cyber security practices.
"This most-recent revelation warrants a separate follow-up and I plan to press the company on why its cyber defenses have been so weak as to have compromised over a billion users," he said in a statement.
Warner, who will become the top Democrat on the Senate Intelligence Committee next year, described the hacks as "deeply troubling." He said he had repeatedly asked Yahoo for briefings about the 2014 hack, which affected 500 million accounts, but had not received a response.
After the 2014 hack, which was disclosed in September, Warner asked the U.S. Securities and Exchange Commission to investigate whether Yahoo had fulfilled obligations to inform investors and the public about it.
"If a breach occurs, consumers should not be first learning of it three years later," Warner said on Thursday. "Prompt notification enables users to potentially limit the harm of a breach of this kind, particularly when it may have exposed authentication information such as security question answers they may have used on other sites."
Yahoo has said the data stolen from more than 1 billion user accounts may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers. (Reporting by Greg Roumeliotis and Jessica Toonkel in New York and Dustin Volz in Washington; Additional reporting by Liana Baker and Eric Auchard; Writing by Jim Finkle in Boston; Additional reporting by Jessica Toonkel in New York; Editing by Bill Trott and Bill Rigby)