Timing is everything, No sooner does it look like Verizon has reached a decision to knock over a third of a billion dollars off the offer price for Yahoo! following its security breach revelations, than the latter has to cough to another hacking incident!
This latest incident covers the period from 2015-2016. That comes after the one billion plus accounts compromised in August 2013, twice the number impacted by a 2014 breach. How many users are affected this time is unclear.
The latest hack appears to involve the use of forged cookies, which allowded attackers to access people’s accounts without re-entering their passwords. A spokesperson for Yahoo said:
The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo! is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again.
It’s bad timing for Yahoo! which has been accused of dragging its heels over revealing the extent of the previous breaches and which earlier this week faced demands from US Senators to come up some answers by later this month. The firm also faces a US Securities and Exchange Commission (SEC) probe into whether it met its requirements around disclosure of the breaches.
And in the background is the $4.8 billion takeover deal agreed with Verizon prior to news of the security problems emerging. The potential buyer has been playing a waiting game with Yahoo!, seeking more information on the extent of the issue and, presumably, exploring potential liability implications.
This week it emerged that the network carrier appears ready to proceed with the deal, but at a reduced rate, proposing to lower its offer by between $250 and $350 million. It’s believed that an agreement has been reached to share any liability between Verizon and what will remain of Yahoo! as a holding company. Terms have not been formally disclosed or confirmed.
Although CEO Marissa Mayer is believed to have never been keen on the idea of selling off the firm, it’s unlikely that the Yahoo! management can afford to get into much negotiating about this. Activist shareholders had the scent of blood for months before the Verizon deal was on the table and any shift away from closing the purchase would send them in for the kill.
If Yahoo!’s managed to hang on to a deal with only $350 million taken off the table, then it’s been damn lucky. Presumably this latest 2015-2016 security issue has been disclosed to Verizon during the re-negotiation process – surely? – so that’s unlikely to lead to any further reductions. So all that’s left now is to close the deal, address the SEC (and FBI) investigations and brace for the inevitably liability lawsuits, both genuine and frivolous.
Image credit - Yahoo!/World Economic Forum