Largely due to Yahoo’s well-known highly vulnerable security system, Verizon reportedly has been able to negotiate down the price for buying the beleaguered web services company from $4.8 billion to $4.55 billion.
If you think that’s a lot of money to pay for a web services pioneer whose best days were more than a decade ago, just remember that nine years ago, Microsoft put a $47 billion offer on the table for the company, and that Yahoo’s board rejected it.
There was other Yahoo news on Feb. 15: In the midst of these negotiations, Yahoo issued a warning to users about malicious hacks related to a data breach that the company disclosed in December 2016. The warning sent to Yahoo users read: “Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.”
Forged cookies are digital keys that enable access to information without users needing to re-enter passwords. The leaked user data consists of email addresses, birthdates and security question answers. Yahoo did not indicate how many users were affected.
‘Forged Cookies’ Are Culprits
“Our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password,” Yahoo said in a statement to media members. “The investigation has identified user accounts for which we believe forged cookies were taken or used. Yahoo is in the process of notifying all potentially affected account holders.”
Verizon, which wants to expand its multichannel reach with Yahoo’s web assets, has been trying to renegotiate the deal ever since Yahoo revealed that it had been hit by two huge cyberattacks in which hackers stole passwords and personal information belonging to an estimated 1.5 billion of its users. Bloomberg News and The Wall Street Journal first reported the discount agreement Feb. 15.
Yahoo admitted two major intrusions in 2016. One involving 500 million records was reported in August, and another involving 1 billion records was reported in December. The breach reported in August likely occurred in 2014, while the latter breach likely happened in 2013. The size of the breaches stunned security experts and threatened to derail the proposed buyout completely.
The price reduction is just the latest chapter in Yahoo’s long corporate journey, starting in 1994 as a highly regarded search and web services pioneer to publicly traded company to acquiree. eWEEK has been chronicling Yahoo’s story since its founding by David Filo and Jerry Yang in 1994.
SEC May Be Investigating
Yahoo reportedly is also being investigated by the U.S. Securities and Exchange Commission regarding allegations it was slow to tell its investors about the hacks. There was no new information on this Feb. 15.
Despite all the ruckus, Verizon, the world’s second-largest telecom, is moving ahead with the deal as planned. Verizon wants to add assets such as Yahoo’s home page (still among the world’s most popular), Yahoo Mail, fantasy sports operation and its advertising system to its AOL franchise, which Verizon bought in 2015. This would create a viable third option behind Google (No. 1) and Facebook (No. 2) in the digital advertising business.
When Marissa Mayer joined the company from Google in 2012 to serve as CEO, she was seen as a potential savior for the beleaguered company. Mayer helped bring the company into the mobile era by refreshing all of Yahoo’s services for phones and tablets. But Mayer never figured out how to make much money from the company’s properties.
Last month, Yahoo said the consummation of the deal would likely be delayed until April.
Opt-in Not a Good Security Idea, Expert Says
Yahoo’s convention of opt-in security is one of the company’s biggest problems, a global security expert told eWEEK.
“While it is ‘news’ that Yahoo is making another announcement about a breach, it shouldn’t be surprising,” Gemalto CTO of Data Protection Jason Hart said. “Opt-in security is not an option in this day and age. The company recommended that users consider adopting its Yahoo Account Key, an authentication tool that eliminates the need for a password. However, tools like this only work if the user remembers to activate them.
“Given the current security climate, all companies should have multi-factor authentication activated by default for all online accounts. Now, it only remains to see how much more of a discount Verizon may ask for.”
Altaba New Business Name Going Forward
Last month, Yahoo created a new business entity called Altaba to identify the company’s assets. Verizon will retain the name Yahoo after the acquisition, which when announced last year was intended to close early this year. It isn’t known how the company will use the name in the future.
Perhaps it is only coincidence that Altaba sounds similar to the name of Yahoo’s biggest asset: a $30 billion stake in highly successful Chinese e-commerce website Alibaba, a lucrative investment deal Yang engineered more than 11 years ago.
Mayer, who will leave her job and place on the board of directors when the deal is consummated, was recruited from Google to reinvent Yahoo in July 2012. Her strategy included trying to establish the company as a go-to platform for mobile apps, hiring high-priced news anchor Katie Couric and acquiring money-losing blog site Tumblr. None of those initiatives worked during her 4.5-year tenure.
Also on her watch, Yahoo has been scourged by huge and crippling security breaches that have compromised personal information of more than 1 billion users. Through it all, however, Yahoo has remained among the world’s favorite home pages for multiple millions of users.
There was no indication as to whether Mayer will remain at Altaba in another job. There won’t be much for her to do because Altaba’s value is comprised mostly of Yahoo’s $30 billion Alibaba stake, which will likely be sold off over time.