Yahoo’s deal to sell its core assets to Verizon may have been dealt a new blow when the internet company disclosed in a Securities and Exchange Commission filing that it discovered the hack that led to the compromise of a half-a-million user accounts two years before it went public with it.
In an SEC filing, Yahoo said it discovered the attacks, which the company continues to contend happened by a “state-sponsored actor,” shortly after it happened at the end of 2014. The company didn’t realize the extent of the compromise until a hacker claimed this past July he or she had vast amounts of Yahoo user data. Yahoo also said in the SEC filing it has been working with forensic security experts and that the investigation cost it $1 million in the third quarter.
In the filing, Yahoo also provided more information about the massive hack in 2014. Yahoo said the “state-sponsored actor” may have created cookies that could enable them to bypass the need for a password. They then had access to users’ accounts and account information. An independent committee is looking into who inside Yahoo knew about the hack and when. In that same filing, Yahoo disclosed another more recent hack. Yahoo said on Monday (Nov. 7) law enforcement authorities began sharing data they said was provided by a hacker. The hacker claimed the information came from a Yahoo user account. Yahoo said it’s working with forensic experts to analyze and investigate the claim.
The disclosures come as Yahoo is trying to close on its deal to sell its core assets to Verizon. It’s not clear if the disclosure in the filing and the previously announced hack will result in Verizon paying less for Yahoo’s core assets or walking away completely.