Yahoo shares slide on second data breach

Shares in Yahoo have seen some selling in recent sessions since news broke recently that the tech company has had more than a billion user accounts affected in a hacking attack dating back to 2013. The news comes as a worrying development in security terms after the internet giant announced as recently as September that it suffered a 2014 breach, in which 500 million accounts were accessed. Whilst the incidents are not believed to be related, the close proximity to which they have been made public may cause concern for shareholders who have overall enjoyed a pleasing performance throughout 2016. 

Hacking has been a hot topic in recent months with suggestions of outside influence in the US election bringing it firmly to the fore in the mainstream media. Last week President Barack Obama vowed the US will retaliate against Russia “at a time and place of our own choosing” for Moscow’s hacking attempts to influence the country’s elections. Despite President-elect Donald Trump unsurprisingly rejecting any suggestions of Russian influence on the election the CIA have concluded that Russia acted to help Trump win. A bipartisan probe into Russian interference in the 2016 presidential vote is gathering growing support with several influential voices on Capitol Hill including Mitch McConnell, the top Republican in the Senate, backing an investigation. 

There is some speculation that the latest Yahoo hacking scandal could be state-sponsored, however there is no evidence as of yet to support this theory - the previous attack in 2014 was also believed by the firm to be an act that was sponsored by a state. Due to the sheer scale of these breaches, the sums of money involved could be potentially large. The New York Times has reported that last August a shadowy hacking collective in Eastern Europe began offering the hacked data for sale and quoted Andrew Komarov as a source. 

Mr. Komarov is the chief intelligence officer at InfoArmor, a cyber-security outfit in Arizona that deals in advanced threat intelligence and monitors the parts of the internet that are attractive to crooks, scammers, spammers and spies. According to this Times article this data is highly valuable with two known spammers and an entity that appeared more interested in espionage paying around $300,000 each for a complete copy of the database. 

Komarov’s claims first surfaced in a Bloomberg article, which states that Komarov watched the hacker group he calls “Group E” sell the database as many as three times, and that he was able to intercept the database during the sales. Komarov informed various military and law enforcement authorities of the incident including the United States, Australia, Canada, Britain and the EU. After these parties verified the authenticity of the stolen records they then went to Yahoo with their concerns.  

Bad timing

The news comes at a bad time for Yahoo, with Verizon currently proposing an estimated $4.8bn acquisition of the firm and these events may see the US mobile carrier modify or even abandon its bid. A consumer backlash against the company due to another security breach, which makes the prior one appear as not an isolated event, could cause Verizon to value Yahoo less favourably with reports that there has already been a request to change the pending offer in the wake of the latest cyberhack revelations. 

According to these recent reports in Fortune, Verizon remain keen on completing a deal, but want major concessions including a lower price tag for Yahoo’s core assets. Citing a person familiar with the matter, Fortune have reported that not only do Verizon want to amend the offer lower but that they have also threatened court action to get out of the deal if Yahoo doesn’t agree to the discount. 

Erik Gordon, a professor at the University of Michigan’s Ross School of Business has said that one concession Yahoo could offer is to compensate Verizon based on the cost of the hack after the deal closes. This is obviously a subjective figure and will be open to much debate but the move seen in the share price since the news broke could be seen as a starting point. The stock has slid by approximately six per cent in this time which if we extrapolate this to the offer then we would see Verizon amend their bid lower to roughly $4.5bn. This may seem like an almost insignificant adjustment but still represents tens of millions of dollars.

Image Source: xStation 5 platform

However, a drawback of this simplistic valuation approach is that it is short term and backward looking in its nature. It may be fairer to apply an extension on the time given for the deal to close until it is more apparent what damage has been done by this latest security breach. The recurrence of these security issues could have a longer term impact on the stock price, especially if consumers lose their trust in Yahoo and decide to take their business elsewhere in what is already a saturated and highly competitive market.

In conclusion whilst on its own the latest data breach for Yahoo shouldn’t have a long lasting impact on the business, the timing could hardly be worse. Due to the close proximity to the announcement of the previous breach, consumers are quite possibly going to view this as not an isolated incident and therefore may vote with their feet in moving to anyone of a number of comparable competitors if they haven’t already. To heap further misery on shareholders, the news has broken at a time when Verizon has just offered to acquire the beleaguered internet firm’s core assets and the latest hacking scandal will give them greater leverage in trying to negotiate a lower price. Whilst the stock has enjoyed a good performance throughout 2016 the latest developments threaten to undo a substantial portion of this good work and investor will be hoping that an amicable agreement with Verizon can be reached fairly promptly and that the sooner they can firmly draw a line under this saga the better. 

David Cheetham, Market Analyst, XTB
Image Credit: Dennizn / Shutterstock