Yahoo reveals more details about massive hack

November 10, 2016
Yahoo is trying to pin down when it first knew hackers had breached its systems and whether they left ways to regain access to accounts later on

Yahoo provided more details on Wednesday about an epic hack of its services, including that the culprits may have planted software "cookies" for ongoing access to users' accounts.

In revelations that could jeopardize the company's pending $4.8 billion acquisition by US telecom giant Verizon, the said it was trying to pin down when it first knew its system had been breached and whether hackers gave themselves a way to get back into accounts whenever they wished.

"Forensic experts are currently investigating certain evidence and activity that indicates an intruder, believed to be the same state-sponsored actor responsible for the security Incident, created cookies that could have enabled such intruder to bypass the need for a password to access certain users' accounts or account information," Yahoo said in a filing with the US Securities and Exchange Commission.

There is no evidence the state-sponsored actor is still active in the California-based company's network, Yahoo told regulators.

Investigators are also trying to figure out how much people at Yahoo knew about the hack in late 2014, when the breach took place, according to the filing.

Yahoo announced the breach in September, saying it affected at least 500 million customers.

Stolen user information included names, email addresses and answers to security questions, but did not include payment card data or unscrambled passwords, according to Yahoo.

The company warned users after checking into a hacker's claim of having stolen data.

Verizon executive vice president of product and new business innovation, Marni Walden expects to soon know how the massive breach at Yahoo will affect, if at all, the $4.8 billion purchase of the struggling internet pioneer by the US telecom titan

Yahoo said in the SEC filing that law enforcement officials this week shared more data that a hacker claimed was pilfered from Yahoo, saying it was checking the authenticity.

There have been 23 lawsuits filed on behalf of Yahoo users claiming they were harmed by the hack, according to the filing.

A Verizon executive overseeing the purchase of Yahoo said last month that the deal was moving ahead pending the outcome of an investigation into the hack.

"We are not going to jump off a cliff blindly, but strategically the deal still does make sense to us," Verizon executive vice president Marni Walden said at a technology conference in California.

"What we have to be careful about is what we don't know."

He declined to comment on what information or circumstances might cause Verizon to walk away from the deal inked in July.

The company said earlier this month that the breach affecting Yahoo customers could have a "material" effect on the acquisition. Yahoo also warned of the possibility in its filing.

The use of the term "material" suggests a substantive change in Yahoo's value that was not previously known, and which could allow the telecom group to lower its offer or scrap the deal.

Explore further: Verizon warily staying with deal to buy Yahoo

Related Stories

Verizon says Yahoo data breach had a 'material' impact

October 13, 2016

Verizon's top lawyer says it now has reason to believe Yahoo's recently disclosed data breach has a "material" impact on Verizon's pending $4.8 billion acquisition of Yahoo. That leaves open the possibility that Verizon could ...

Yahoo pressed to explain huge 'state sponsored' hack

September 23, 2016

Yahoo faced pressure Friday to explain how it sustained a massive cyber-attack—one of the biggest ever, and allegedly state-sponsored—allowing hackers to steal data from half a billion users two years ago.

Recommended for you

Cryptocurrency rivals snap at Bitcoin's heels

January 14, 2018

Bitcoin may be the most famous cryptocurrency but, despite a dizzying rise, it's not the most lucrative one and far from alone in a universe that counts 1,400 rivals, and counting.

Top takeaways from Consumers Electronics Show

January 13, 2018

The 2018 Consumer Electronics Show, which concluded Friday in Las Vegas, drew some 4,000 exhibitors from dozens of countries and more than 170,000 attendees, showcased some of the latest from the technology world.

Finnish firm detects new Intel security flaw

January 12, 2018

A new security flaw has been found in Intel hardware which could enable hackers to access corporate laptops remotely, Finnish cybersecurity specialist F-Secure said on Friday.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.