Yahoo faces growing scrutiny over when it learned of data breach

  • TECH
  • Monday, 26 Sep 2016

More info needed: Yahoo has so far not provided a clear, detailed timeline about when it was made aware of the breach.

WASHINGTON: Yahoo faced pointed questions about exactly when it knew about a cyberattack that exposed the e-mail credentials of 500 million users, a critical issue for the company as it seeks to prevent the breach from affecting a pending takeover by Verizon Inc.

The Internet company has so far not provided a clear, detailed timeline about when it was made aware of the breach announced Thursday. Yahoo blamed the incident on a "state-sponsored actor" but has not provided any technical information supporting that claim.

"We don't know a lot. We don't know how the bad guys broke in. We don't know when Yahoo first found out," said Jeremiah Grossman, chief of security strategy for SentinelOne and a former information security officer at Yahoo.

In a Sept 9 regulatory filing with the Securities and Exchange Commission, Yahoo stated it did not have knowledge of "any incidents of, or third party claims alleging ... unauthorised access" of personal data of its customers that could have a material adverse effect on Verizon’s acquisition.

Verizon, which said Thursday it learned of the breach within the past two days, agreed in July to pay US$4.83bil (RM19.97bil) for Yahoo's core business. If the hacking prompts customers to leave Yahoo, the company may see its value erode.

Yahoo was sued Friday in a California federal court by a user who accused it of gross negligence in its handling of the massive hacking. The suit, filed on behalf of all Yahoo users in the United States who had their personal information compromised, sought class-action status and unspecified damages.

Some lawmakers swiftly called for close scrutiny of what the company knew and when.

“As law enforcement and regulators examine this incident, they should investigate whether Yahoo may have concealed its knowledge of this breach in order to artificially bolster its valuation in its pending acquisition by Verizon,” Richard Blumenthal, a Democratic senator from Connecticut, said.

Verizon declined to comment on how the breach might affect the deal. Sources familiar with the transaction say Verizon and its advisers are still examining the situation before determining what actions if any might be taken.

The Financial Times reported Thursday that embattled Yahoo chief executive officer Marissa Mayer knew of the breach in July, citing a person briefed on the matter.

The FT article did not specify if Mayer was aware of the hack announced Thursday or of a separate incident, in which a hacker calling himself Peace took to the dark web this summer to claim he was selling hundreds of millions of Yahoo credentials.

"Yahoo has never had reason to believe there is any connection between the security issue disclosed yesterday and the claims publicised by a hacker in August 2016. Conflating the two events is inaccurate," said a Yahoo spokesperson who declined to be identified by name, adding that Yahoo's investigation was still ongoing.

Sources familiar with the Yahoo investigation said that the company learned of the theft of data – which included encrypted passwords, names and emails but not banking information – only after probing the claims made by Peace, which Yahoo determined were meritless.

Joseph Cox, a reporter with the technology news site Motherboard, said he e-mailed Yahoo on July 30 to ask if the company was aware that Peace was attempting to sell Yahoo data. Motherboard published a story on Aug 1 stating Yahoo was “aware” of the hacker’s claims. — Reuters

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

Did you find this article insightful?


Next In Tech News

Polish e-commerce group Allegro to pilot own parcel lockers
Jeff Bezos called upon to save thousands of stranded seafarers
China’s ‘wild era’ of Internet may be ending as new personal data protection law seeks to curb Big Tech’s control over user data
Can you beat a virtual Beth Harmon from ‘The Queen’s Gambit’ in a game of chess?
Madonna is trending on Twitter after fans mistakenly thought she died instead of Maradona
Scammers targeting i-Sinar applicants with fake mobile apps
Mexico moves to stem unauthorised sharing of sexual images online
South Korean chat room operator gets 40 years for ‘sextortion’, blackmail
WeRide robotaxis gain loyal passengers but fixed pick-up, drop-off spots irk some, survey shows
A different ‘super spreader’: Facebook struggles with election disinfo

Stories You'll Enjoy