New Filing Confirms Yahoo Was Aware of Large-Scale Email Hack in 2014 - MacRumors
Skip to Content

New Filing Confirms Yahoo Was Aware of Large-Scale Email Hack in 2014

by

In September, Yahoo confirmed that at least 500 million of its users' accounts had been compromised during an attack in late 2014. Now, in a recent filing with the Securities and Exchange Commission, it was revealed that the company knew about the hack when it originally happened in 2014, but waited two years to divulge it to the public (via TechCrunch)

Describing the investigation, the new SEC filing notes a "state-sponsored actor" who gained access to the company's network in late 2014, along with Yahoo's awareness and identification of the individual in question during the same time period. Information stolen included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.

yahoo

In late July 2016, a hacker claimed to have obtained certain Yahoo user data. After investigating this claim with the assistance of an outside forensic expert, the Company could not substantiate the hacker’s claim. Following this investigation, the Company intensified an ongoing broader review of the Company’s network and data security, including a review of prior access to the Company’s network by a state-sponsored actor that the Company had identified in late 2014. Based on further investigation with an outside forensic expert, the Company disclosed the Security Incident on September 22, 2016, and began notifying potentially affected users, regulators, and other stakeholders.

Now a board made up of independent counsel and a forensic expert is said to be investigating "the scope of knowledge within the company in 2014," as well as Yahoo's basic security measures and related incidents. The filing describes $1 million in losses for Yahoo relating to the security breach so far.

Additionally, Yahoo said that 23 class action lawsuits have been filed against the company by consumers targeted by the security breach in 2014, in both federal and state courts, as well as foreign courts. Plaintiffs in the cases claim to have been "harmed by the company's alleged actions and/or omissions" relating to the hack. The scope and monetary damages sought by each consumer was not divulged.

In attempts to move past the incident, Yahoo is cooperating with federal, state, and foreign governments and agencies who are investigating the hack. The biggest blowback for Yahoo might still be in its planned sale to Verizon, the latter company now asking for a $1 billion discount due to Yahoo's current turbulent drama with the news of the 2014 hack.

Tag: Yahoo

Top Rated Comments

macduke Avatar
126 months ago
I'd hope Yahoo gets into huge legal trouble for this, but all that does is hurt the lowly employees who lose their jobs as the company breaks apart. The executives that make these decisions never suffer any real-world consequences, and can bail out with their golden parachute as if nothing happened. We need to go after the executives and take the money out of their pockets. Once we strike fear into the heart of executives nation wide, then and only then will we have any real positive change for consumers. Executives who take clear, obviously negative actions that knowingly put their customers at risk should be held personally accountable—not the company itself. It should be a part of the assumed responsibility and risk you take in exchange for making millions of dollars per year.
Score: 9 Votes (Like | Disagree)
A MacBook lover Avatar
126 months ago
Marissa Mayer is a joke, how on earth is she still running yahoo?
Score: 7 Votes (Like | Disagree)
duervo Avatar
126 months ago
Screw Yahoo! Mail. I setup my own personal email server. It has classified material in it, but I don't care.
Score: 2 Votes (Like | Disagree)
CarlJ Avatar
126 months ago
Information stolen included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.
This is why not only do I have separate, long, random, passwords for every single site (thanks 1Password), but I also never answer "security questions" with legit answers. It's like they're saying, "please set up one secure password, plus three more that someone can find out by googling you". So my "security answers" are all completely nonsensical. By the way, my parents are Atilla the Hun and Joan of Arc, and I was born in 1752 in Mare Tranquillitatis on the moon.
Score: 2 Votes (Like | Disagree)
126 months ago
I thought there was a law that stated that a company must go public within 90 days if more than 500 people were affected. If that is true and Yahoo waited 2 years to go public, then I see a huge class action lawsuit coming.
Score: 2 Votes (Like | Disagree)
MacBH928 Avatar
126 months ago
1 word: ProtonMail

and thanks for this post reminding me to close my yahoo accounts
Score: 1 Votes (Like | Disagree)

Popular Stories

iphone 16 teal

'Siri AI' Lawsuit Update: Apple to Pay Owners of These iPhone Models

Thursday July 9, 2026 7:08 am PDT by
In May, Apple agreed to pay $250 million to settle a U.S. class action lawsuit over Siri AI's delayed launch, and eligible iPhone users could receive up to a $95 payout. This week, the California court overseeing the case held a hearing regarding preliminary approval of the settlement, but the judge has not yet issued a ruling. It will likely be at least a few more months before eligible...
Apple TV Thumb 3

Everything Coming in the 2026 Apple TV 4K

Wednesday July 8, 2026 4:51 pm PDT by
The Apple TV 4K hasn't been updated since 2022, and it's due for a refresh. An update is planned for 2026, but Apple is likely going to wait to launch it after Siri AI launches in iOS 27. Design Apple TV design updates don't happen often, and that's not changing. The next Apple TV is going to have the same squircle shape as the current model, and it'll continue to be made from a black...
apple wallet drivers license feature iPhone 15 pro

Apple Says iPhone Driver's Licenses Will Expand to These 6 U.S. States

Thursday July 9, 2026 7:29 am PDT by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. To set up the feature, open the Wallet app on the iPhone and tap on the plus sign in the top-right corner. Next, tap on Driver's License and ID Cards,...