Yahoo Breaches (2013-2014)

Yahoo suffered multiple breaches affecting all 3 billion user accounts, with SQL injection as one of the attack vectors. While the full technical details remain classified, security researchers identified numerous SQL injection vulnerabilities in Yahoo's properties during this period. The breaches went undetected for years, only coming to light during Yahoo's acquisition by Verizon.

The Yahoo case highlights several critical failures:

Legacy System Vulnerabilities: Older systems hadn't been updated with modern security practices
Detection Gaps: Breaches went unnoticed for years
Password Storage: Used outdated MD5 hashing without proper salting
Third-Party Risks: Some vulnerabilities existed in acquired properties

The financial impact was staggering—Verizon reduced its Yahoo acquisition price by $350 million, and Yahoo faced numerous lawsuits and regulatory actions.