Verizon Remains Mum On Yahoo Acquisition Status In Aftermath Of Hack

Verizon has remained largely silent in the days following Yahoo's confirmation that more than 500 million of its user accounts were hacked in 2014, leaving the industry wondering whether the telecom giant is still committed to buying Yahoo.

Yahoo last Thursday admitted that it had been hacked by what the ailing internet giant believes to be a state-sponsored actor. In July, Verizon announced its intent to acquire Yahoo for $4.83 billion, but it's unclear whether Yahoo was aware of the scope of the large-scale hack at the time the deal was reached, or if the company fully disclosed that information to Verizon.

News of the security breach may or may not impact Verizon's acquisition plans, but it might give Verizon a bargaining chip to renegotiate the price for Yahoo, partners say.

[Related: Yahoo: More Than 500M User Accounts Impacted In Possibly Biggest Breach To Date]

id
unit-1659132512259
type
Sponsored post

Verizon said last Thursday that it had been notified of the breach two days before Yahoo confirmed the news to the public, but that it had only "limited information and understanding" of the security breach's impact.

"We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities," Verizon said in a statement.

Verizon said it had no further comment on the matter when reached by CRN.

While the hack probably won't send Verizon running from its Yahoo deal because the telecom provider wants Yahoo's content assets, it could change Yahoo's price tag, said Michael Bremmer, CEO of TelecomQuotes.com, a telecom consultancy based in Moreno Valley, Calif.

"Verizon will probably try to use this to negotiate down the price," Bremmer said.

Verizon’s response will be dictated by the amount of disclosure that took place during Verizon's due diligence process leading up to the acquisition announcement, said Patrick Oborn, co-founder of Sandy, Utah-based master agent Telarus, a Verizon partner.

"If Yahoo did disclose that it had been breached and that it was trying to work through that, then the deal will probably stand as is. However, if Yahoo failed to disclose that very important fact, I would expect Verizon to negotiate the price down further, but not to abandon their contact strategy," Oborn said.

The hack exposed account information of millions of users, including names, email addresses, telephone numbers, birthdays, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers, according to Yahoo's statement on the security breach.

While more than 500 million accounts were impacted, the number of individuals affected could be smaller because some users could have more than one Yahoo account, such as one on Yahoo Sports and another on Yahoo Finance, according to John Pironti, security consultant and president of IP Architects, LLC, a Rowley, Mass.-based risk management and consulting services provider.

But some of the information that was stolen during the hack is problematic, Pironti said.

"If [a hacker] can get a user name and a birthdate, now they have a couple of pieces of the puzzle that they can do more damage with," he said. "Birthdates and the stolen answers to the security question have made this [breach] a little bigger than just a stolen user name and password."

Pironti agrees with Telarus' Oborn that Yahoo's level of transparency with Verizon regarding the security breach could stand to change the terms of acquisition, but it would also depend on the terms of the deal, he said.

"The big chatter is around whether Yahoo did disclose the hack, and whether that was factored into the deal," Pironti said. "If you know about a hack, companies can factor costs associated with a breach into the deal."

Yahoo did not respond to CRN's request for comment before publication.

A month after Verizon announced it would acquire Yahoo, the internet company publicly said it was aware of a claim that a hacker had access to about 200 million Yahoo user accounts, and that the hacker may be selling these user credentials on the dark web. Yahoo never confirmed the legitimacy of the hack over the summer, but did say it was "investigating" the claim at the time.