Security & Fraud

Yahoo Discovered Hack Two Years Before It Disclosed It

Yahoo’s deal to sell its core assets to Verizon may have been dealt a new blow when the internet company disclosed in a Securities and Exchange Commission filing that it discovered the hack that led to the compromise of a half-a-million user accounts two years before it went public with it.

In an SEC filing, Yahoo said it discovered the attacks, which the company continues to contend happened by a “state-sponsored actor,” shortly after it happened at the end of 2014. The company didn’t realize the extent of the compromise until a hacker claimed this past July he or she had vast amounts of Yahoo user data. Yahoo also said in the SEC filing it has been working with forensic security experts and that the investigation cost it $1 million in the third quarter.

In the filing, Yahoo also provided more information about the massive hack in 2014. Yahoo said the “state-sponsored actor” may have created cookies that could enable them to bypass the need for a password. They then had access to users’ accounts and account information. An independent committee is looking into who inside Yahoo knew about the hack and when. In that same filing, Yahoo disclosed another more recent hack. Yahoo said on Monday (Nov. 7) law enforcement authorities began sharing data they said was provided by a hacker. The hacker claimed the information came from a Yahoo user account. Yahoo said it’s working with forensic experts to analyze and investigate the claim.

The disclosures come as Yahoo is trying to close on its deal to sell its core assets to Verizon. It’s not clear if the disclosure in the filing and the previously announced hack will result in Verizon paying less for Yahoo’s core assets or walking away completely.


Featured PYMNTS Study: 

With eyes on lowering costs to improving cash flow, 85 percent of U.S. firms plan to make real-time payments integral to their operations within three years. However, some firms still feel technical barriers stand in the way. In the January 2020 Making Real-Time Payments A Reality Study, PYMNTS surveyed more than 500 financial executives to examine what it will take to channel RTP interest into real-world adoption. Here’s what we learned.

Click to comment