Yahoo reveals more details about massive hack

Yahoo is trying to pin down when it first knew hackers had breached its systems and whether they left ways to regain access to a
Yahoo is trying to pin down when it first knew hackers had breached its systems and whether they left ways to regain access to accounts later on

Yahoo provided more details on Wednesday about an epic hack of its services, including that the culprits may have planted software "cookies" for ongoing access to users' accounts.

In revelations that could jeopardize the company's pending $4.8 billion acquisition by US telecom giant Verizon, the said it was trying to pin down when it first knew its system had been breached and whether hackers gave themselves a way to get back into accounts whenever they wished.

"Forensic experts are currently investigating certain evidence and activity that indicates an intruder, believed to be the same state-sponsored actor responsible for the security Incident, created cookies that could have enabled such intruder to bypass the need for a password to access certain users' accounts or account information," Yahoo said in a filing with the US Securities and Exchange Commission.

There is no evidence the state-sponsored actor is still active in the California-based company's network, Yahoo told regulators.

Investigators are also trying to figure out how much people at Yahoo knew about the hack in late 2014, when the breach took place, according to the filing.

Yahoo announced the breach in September, saying it affected at least 500 million customers.

Stolen user information included names, email addresses and answers to security questions, but did not include payment card data or unscrambled passwords, according to Yahoo.

The company warned users after checking into a hacker's claim of having stolen data.

Verizon executive vice president of product and new business innovation, Marni Walden expects to soon know how the massive breac
Verizon executive vice president of product and new business innovation, Marni Walden expects to soon know how the massive breach at Yahoo will affect, if at all, the $4.8 billion purchase of the struggling internet pioneer by the US telecom titan

Yahoo said in the SEC filing that law enforcement officials this week shared more data that a hacker claimed was pilfered from Yahoo, saying it was checking the authenticity.

There have been 23 lawsuits filed on behalf of Yahoo users claiming they were harmed by the hack, according to the filing.

A Verizon executive overseeing the purchase of Yahoo said last month that the deal was moving ahead pending the outcome of an investigation into the hack.

"We are not going to jump off a cliff blindly, but strategically the deal still does make sense to us," Verizon executive vice president Marni Walden said at a technology conference in California.

"What we have to be careful about is what we don't know."

He declined to comment on what information or circumstances might cause Verizon to walk away from the deal inked in July.

The company said earlier this month that the breach affecting Yahoo customers could have a "material" effect on the acquisition. Yahoo also warned of the possibility in its filing.

The use of the term "material" suggests a substantive change in Yahoo's value that was not previously known, and which could allow the telecom group to lower its offer or scrap the deal.


Explore further

Verizon warily staying with deal to buy Yahoo

© 2016 AFP

Citation: Yahoo reveals more details about massive hack (2016, November 10) retrieved 21 September 2019 from https://phys.org/news/2016-11-yahoo-reveals-massive-hack.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.
6 shares

Feedback to editors

User comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more