New Filing Confirms Yahoo Was Aware of Large-Scale Email Hack in 2014

by

In September, Yahoo confirmed that at least 500 million of its users' accounts had been compromised during an attack in late 2014. Now, in a recent filing with the Securities and Exchange Commission, it was revealed that the company knew about the hack when it originally happened in 2014, but waited two years to divulge it to the public (via TechCrunch)

Describing the investigation, the new SEC filing notes a "state-sponsored actor" who gained access to the company's network in late 2014, along with Yahoo's awareness and identification of the individual in question during the same time period. Information stolen included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.

yahoo

In late July 2016, a hacker claimed to have obtained certain Yahoo user data. After investigating this claim with the assistance of an outside forensic expert, the Company could not substantiate the hacker’s claim. Following this investigation, the Company intensified an ongoing broader review of the Company’s network and data security, including a review of prior access to the Company’s network by a state-sponsored actor that the Company had identified in late 2014. Based on further investigation with an outside forensic expert, the Company disclosed the Security Incident on September 22, 2016, and began notifying potentially affected users, regulators, and other stakeholders.

Now a board made up of independent counsel and a forensic expert is said to be investigating "the scope of knowledge within the company in 2014," as well as Yahoo's basic security measures and related incidents. The filing describes $1 million in losses for Yahoo relating to the security breach so far.

Additionally, Yahoo said that 23 class action lawsuits have been filed against the company by consumers targeted by the security breach in 2014, in both federal and state courts, as well as foreign courts. Plaintiffs in the cases claim to have been "harmed by the company's alleged actions and/or omissions" relating to the hack. The scope and monetary damages sought by each consumer was not divulged.

In attempts to move past the incident, Yahoo is cooperating with federal, state, and foreign governments and agencies who are investigating the hack. The biggest blowback for Yahoo might still be in its planned sale to Verizon, the latter company now asking for a $1 billion discount due to Yahoo's current turbulent drama with the news of the 2014 hack.

Tag: Yahoo

Top Rated Comments

(View all)
Avatar
51 months ago
I'd hope Yahoo gets into huge legal trouble for this, but all that does is hurt the lowly employees who lose their jobs as the company breaks apart. The executives that make these decisions never suffer any real-world consequences, and can bail out with their golden parachute as if nothing happened. We need to go after the executives and take the money out of their pockets. Once we strike fear into the heart of executives nation wide, then and only then will we have any real positive change for consumers. Executives who take clear, obviously negative actions that knowingly put their customers at risk should be held personally accountable—not the company itself. It should be a part of the assumed responsibility and risk you take in exchange for making millions of dollars per year.
Score: 9 Votes (Like | Disagree)
Avatar
51 months ago
Marissa Mayer is a joke, how on earth is she still running yahoo?
Score: 7 Votes (Like | Disagree)
Avatar
51 months ago

Information stolen included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.

This is why not only do I have separate, long, random, passwords for every single site (thanks 1Password), but I also never answer "security questions" with legit answers. It's like they're saying, "please set up one secure password, plus three more that someone can find out by googling you". So my "security answers" are all completely nonsensical. By the way, my parents are Atilla the Hun and Joan of Arc, and I was born in 1752 in Mare Tranquillitatis on the moon.
Score: 2 Votes (Like | Disagree)
Avatar
51 months ago
Screw Yahoo! Mail. I setup my own personal email server. It has classified material in it, but I don't care.
Score: 2 Votes (Like | Disagree)
Avatar
51 months ago
I thought there was a law that stated that a company must go public within 90 days if more than 500 people were affected. If that is true and Yahoo waited 2 years to go public, then I see a huge class action lawsuit coming.
Score: 2 Votes (Like | Disagree)
Avatar
51 months ago
Mayer is a fraud.
Score: 1 Votes (Like | Disagree)

Top Stories

Samsung Mocks Apple for Ditching Power Adapters With iPhone 12 Lineup

Thursday October 15, 2020 11:51 am PDT by
Samsung on its social channels is mocking Apple for removing the power adapter from the iPhone 12 lineup and other iPhone models, pointing out the fact that the Samsung Galaxy smartphones continue to ship with a power adapter. "Included with your Galaxy," reads a Samsung Facebook post that features a picture of a power adapter. Apple notably is no longer providing power adapters or...

iPhone 12 Pro Pre-Orders Already Selling Out With Delivery Times Pushing Into November

Friday October 16, 2020 6:35 am PDT by
Apple today opened pre-orders for the 6.1-inch models of the iPhone 12 and iPhone 12 Pro through its website and the Apple Store app, and estimated delivery times are already slipping into November for select configurations in the United States. Customers ordering a SIM-free/Pacific Blue/128GB version of the iPhone 12 Pro, for example, are already facing an estimated delivery window of...

HomePod Mini Cable is Non-Detachable, Ends With USB-C Connector for Use With Included 20W Power Adapter

Friday October 16, 2020 12:45 pm PDT by
While not detailed in the tech specs, MacRumors can confirm that Apple's new HomePod mini features a non-detachable power cable that ends with a USB-C connector for use with the 20W power adapter included in the box. With the switch to USB-C, the HomePod mini could potentially be powered by a wider range of devices and peripherals, ranging from MacBooks to USB-C battery packs with enough...

Apple's New MagSafe Charger and Cases Begin Arriving to Customers

Saturday October 17, 2020 10:10 am PDT by
Apple's new MagSafe charger and cases have begun arriving to some customers earlier than expected, and images of the accessories have started to surface on Twitter. The photos provide a first look at the products in real-world use. As of writing, some MagSafe cases are also available for pickup at select Apple Stores in countries like the United States, Canada, and Germany. Filip...

New Google App Feature Lets You Hum a Song to Search for It

Saturday October 17, 2020 4:05 am PDT by
Google has added a new feature to its Search app that allows you to hum a song that's stuck in your head, and then use the company's machine learning algorithm to try and identify it. In the Google app or using the Google Search widget, tap the mic icon and say "what's this song?" or click the "Search a song" button. Then start humming the tune for 10-15 seconds. When you're done, the...

Brazilian Certifications Suggest iPhone 12 Mini Features 2,227mAh Battery and iPhone 12 Has 2,815mAh Battery

Friday October 16, 2020 1:08 pm PDT by
Apple's iPhone mini has the shortest battery life out of all the iPhones in the iPhone 12 lineup due to its small size, but Apple has not provided public information about the battery's capacity. A regulatory filing from Brazil, however, suggests the iPhone 12 mini has a battery capacity of 2,227mAh. The same regulatory information says the iPhone 12 features a 2,815mAh battery, which is...

Apple Offering Free AirPods With iPhone 11 Purchase in India as Part of Diwali Celebration

Friday October 16, 2020 12:35 pm PDT by
Apple today launched a new Diwali promotion in India that will see the company providing customers with a set of AirPods with the purchase of any iPhone 11 model. The new iPhone 12 models are not part of the promotion. Apple is offering the standard AirPods With Charging Case free with purchase, but customers can choose to upgrade to the AirPods with Wireless Charging Case or the AirPods Pro....

Apple Event to Unveil First Apple Silicon Macs Could Happen on November 17

Friday October 16, 2020 2:24 am PDT by
Apple will hold another digital event on November 17 to announce its first Apple Silicon powered Macs, according to frequent leaker Jon Prosser. Apple has already said that this year it intends to introduce the first Mac powered by an Apple Silicon chip instead of an Intel processor. One thing it hasn't revealed is the date it will be announced. According to Prosser's source, that date is No...

Apple Online Store Down Ahead of iPhone 12 and 12 Pro Pre-Orders

Thursday October 15, 2020 11:15 pm PDT by
Apple's online store is down ahead of iPhone 12 and iPhone 12 Pro pre-orders, which are set to begin at 5:00 a.m. Pacific Time in the United States. "You're... early," reads the Apple Store message when attempting to visit the U.S. website. "Pre-order begins at 5:00 a.m. PDT. Enjoy the extra sleep." Apple used to do new device pre-orders at 12:01 a.m. Pacific Time, but since last year, has...

When You Can Pre-Order the iPhone 12 and 12 Pro in Every Time Zone

Thursday October 15, 2020 10:55 am PDT by
Pre-orders for the iPhone 12 and the iPhone 12 Pro are set to kick off on Friday, October 16 at 5:00 a.m. Pacific Time, which is a new launch time that Apple adopted as of last year. Apple is planning to make the new devices available in multiple countries around the world simultaneously, so we've made a guide to let MacRumors readers know when pre-orders will in their country. Pre-orders...