The initial M&A between Verizon and Yahoo was estimated to be in the region of $4.8 billion (£3.86 billion).
That figure will now almost certainly be reduced by up to $350 million after a string of embarrassing cyber attacks.
Both of these cyber attacks roamed within the Yahoo network for years without being detected. Once both were eventually discovered, they equated to the two biggest data breaches on record: 500 million personal account information with the first and a billion account information with the second.
Cyber security expert Troy Hunt told the BBC: “This would be far and away the largest data breach we’ve ever seen.”
“In fact, the 500 million they reported a few months ago would have been, and to see that number now double is unprecedented.”
These clear security infringements put Verizon’s acquisition deal of Yahoo in potential jeopardy.
>See also: Yahoo data leak: the biggest on record
However, reports today, initially from Bloomberg, have suggested that negotiations are underway on taking up to $350 million of their valuation.
As we had predicted, today Verizon has announced it will be negotiating a reduced deal to acquire Yahoo, following the previously undisclosed cyber attack,” said Nick Pointon, Head of M&A at SQS.
“This hardly comes as a surprise, as Yahoo wasn’t completely transparent about the breach when in initial discussions with Verizon. Yahoo is now left feeling further ramifications of neglecting their IT systems in anticipation of the acquisition. This is a prime example of the knock on effect of poor technical due diligence prior to a merger or acquisition and is a stark reminder that issues unearthed during the closing stages of an acquisition have the potential to affect the final sale price. HadYahoo addressed their IT systems and their security properly, in good time, the sale price would have been much higher.”
A further factor in this development might stem from the fact that yesterday, Yahoo announced it has suffered another significant security failing, with hackers using forged cookies to access to user accounts without needing their password or personal details.
The number of accounts hasn’t been released, but it’s the latest in a long line of security issues that have plagued the company in recent years, exposing the personal information of more than 1.5 billion users.
>See also: Yahoo data breach exceeds 1 billion accounts
Professor Richard Benham, security advisor for online service OwlDetect on the issue:
“This is the latest in a long line of cyber security issues for Yahoo and it doesn’t seem to be getting any better, either for the company or for its users. Their data breach in 2013 was the largest in history with 1 billion records leaked, and now cookie forging has allowed hackers to access even more user accounts, this time without even a password.”
“Yahoo says that it has contacted all affected users, but for any concerned account holders the best precaution you can take is to immediately clear all of your cookies, saved passwords and information such as credit card details on your computer or device. It’s also advisable to change your password and ensure you aren’t using the same password elsewhere online. These simple steps should help protect you and your data on the web.”
In response to this latest security failing Yahoo said: “The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again.”