Yahoo Staffers Knew Of State-Sponsored Attack On 500 Million Accounts In 2014

Yahoo is again catching fire over a security breach dating back to 2014 that compromised the accounts of 500 million users, though this time the criticism is aimed at Yahoo's lack of timely disclosure. The company fessed up earlier this week that at least some of its employees had knowledge that a cyberattacker backed by a foreign government had hacked into its systems.

The disclosure is contained in a filing Yahoo made this week with the United States Securities and Exchange Commission (SEC). In it, Yahoo says it "had identified that a state-sponsored actor had access to the company’s network in late 2014," adding that its prior knowledge is under review as part of a broader internal investigation.

Yahoo Building

"An Independent Committee of the Board, advised by independent counsel and a forensic expert, is investigating, among other things, the scope of knowledge within the company in 2014 and thereafter regarding this access, the security incident, the extent to which certain users’ account information had been accessed, the company’s security measures, and related incidents and issues," Yahoo stated.

Yahoo waited until September 22 of this year to publicly disclose the security breach, the timing of which came two months after it reached an agreement with Verizon. At the time, Yahoo said it became aware of the breach while investigating a hacker's attempt in July to sell in the underground market what he claimed was stolen user data from Yahoo.

The timeline of the attack, Yahoo's knowledge of the incident, and its disclosure could have a major impact on Yahoo's deal to sell its Internet operations to Verizon for $4.83 billion. There have already been rumblings that Verizon wants to back out of the deal, or at the very least renegotiate a lower price as much as $1 billion lower.
Tags:  Yahoo, security, Hacking