Advertisment

Yahoo admits it knew about the hack in 2014 itself

author-image
CIOL Writers
New Update
Yahoo must face the lawsuit for data breach :US judge

In a not so surprising turn of events, Yahoo has admitted that some of its employees were aware of the massive data breach of 500 million users as early as 2014 — much before Yahoo publicly acknowledged the hack.

Advertisment

According to the regulatory filing with the U.S Securities and Exchange Commission, the hack that the company attributed to some “state-sponsored actor” in its recent acknowledgment was in reality detected by Yahoo much earlier.

“In late July 2016, a hacker claimed to have obtained certain Yahoo user data. After investigating this claim with the assistance of an outside forensic expert, the Company could not substantiate the hacker’s claim. Following this investigation, the Company intensified an ongoing broader review of the Company’s network and data security, including a review of prior access to the Company’s network by a state-sponsored actor that the Company had identified in late 2014,” Yahoo said in the filing.

The company also mentioned that forensic investigators are now closely looking at the possibility of the state-sponsored hackers maintaining access to user accounts. They believe that the intruders managed to create cookies that enabled them to bypass certain user accounts without the need of any password.

Advertisment

Yahoo also reported that 23 consumer class action lawsuits have been filed in response to the breach, but that it’s too early to estimate monetary damages. It estimates the hack has led to a loss of $1 million so far.

Notably, Yahoo has for the first time also revealed its fears and the possibility of the $4.8 billion acquisition agreement with Verizon falling through. Verizon has reportedly asked for a $1 billion discount in light of the breach, which was not disclosed until after the September sale even though Yahoo CEO Marissa Mayer allegedly learned of the breach in July.

The filing also says that Yahoo has formed an independent committee to review “the scope of knowledge within the Company in 2014 and thereafter regarding this access, the Security Incident, the extent to which certain users’ account information had been accessed.”

verizon yahoo