Yahoo is poised to confirm a massive data breach of its service, according to several sources close to the situation, hacking that has exposed several hundred million user accounts.
While sources were unspecific about the extent of the incursion, since there is the likelihood of government investigations and legal action related to the breach, they noted that it is widespread and serious.
Earlier this summer, Yahoo said it was investigating a data breach in which hackers claimed to have access to 200 million user accounts and was selling them online. "It's as bad as that," said one source. "Worse, really."
The announcement, which is expected to come this week, also possible larger implications on the $4.8 billion sale of Yahoo's core business — which is at the core of this hack — to Verizon. The scale of the liability could be large and bring untold headaches to the new owners. Shareholders are likely to worry that it could lead to an adjustment in the price of the transaction.
More from Re/code:
Verizon wants to buy Vessel, the video startup founded by former Hulu CEO Jason Kilar
Facebook's Mark Zuckerberg and Priscilla Chan pledge $3 billion to cure all diseases
You're not alone: 51 percent of Amazon Echo owners have it in the kitchen
That deal is now moving to completion, but the companies cannot be integrated until it is approved by a number of regulatory agencies, as well as Yahoo shareholders. But representatives of Verizon and Yahoo have started meeting recently to review the Yahoo business, so that the acquisition will run smoothly once complete.
But there's nothing smooth about this hack, said sources, which became known in August when an infamous cybercriminal named "Peace" said on a website that he was selling credentials of 200 million Yahoo users from 2012 on the dark web for just over $1,800. The data allegedly included user names, easily decrypted passwords, personal information like birth dates and other email addresses.
At the time, Yahoo said it was "aware of the claim," but the company declined to say if it was legitimate and said that it was investigating the information. But it did not issue a call for a password reset to users. Now, said sources, Yahoo might have to, although it will be a case of too little, too late.
The confirmation of such an extensive hack is is also another blemish on the record of CEO Marissa Mayer, a vaunted former Google exec, who has presided over numerous declines in the business since she arrived four years ago. Her inability to turn Yahoo around or innovate any new products eventually led to the sale.
I reached out to Yahoo for comment and will update this post if I get a response (don't wait up late for that!).