Security researchers are disturbed that it took Yahoo three years to discover that details on more than 1 billion user accounts had been stolen in 2013.
THhe breach suggests that someone — possibly a state-sponsored actor — had access to one of the largest email user bases in the world, without anyone knowing. The stolen database may have even included information on emails of U.S. government and military employees.
“It is extremely alarming that Yahoo didn’t know about this,” said Alex Holden, chief information security officer with Hold Security.
Yahoo said in November it first learned about the breach when law enforcement began sharing with the company stolen data that had been provided by a hacker. At the time, the company was already dealing with a separate data breach, reported in September, involving 500 million user accounts.