Investigation adds to uncertainty surrounding Verizon’s $4.8bn takeover. Issue about material impact on deal was raised by Verizon.
According to the Financial Times, Yahoo has admitted that at least some staff knew that a state-sponsored hacker had accessed its network shortly after an attack took place two years ago, adding to the uncertainty around Verizon’s $4.8bn deal to acquire the internet company’s operations.
An independent committee of Yahoo’s board has launched an investigation into “the scope of the knowledge within the company in 2014” regarding the security breach, which it announced six weeks ago.
Yahoo had said it first discovered the cyber attack — which affected data belonging to at least 500m users — in August 2016, a month after Verizon agreed to acquire the company’s core assets. Verizon, which would not comment on Wednesday’s filing, has previously said it wants to know whether the attack will have a material impact on Yahoo. But in the filing with the US Securities and Exchange Commission, Yahoo said: “The company had identified that a state-sponsored actor had access to the company’s network in late 2014.”
One person familiar with the investigation said Yahoo originally did not have a “full picture” of what happened because of the “sophisticated nature of state-sponsored attacks”. When it brought in outside experts to investigate the claim of a separate breach, which turned out to be false, it developed a more complete picture, the person said [poor excuse].
In the same filing, Yahoo also said that forensic experts are investigating evidence that indicates an intruder, possibly the same hacker, created a way to access users’ account information without their passwords, raising the possibility that a cyber criminal could have access even after passwords are changed. The person close to the investigation said Yahoo did not believe it was currently possible for attackers to forge the Yahoo Mail cookies to allow access without a password.
The company also said in the filing that law enforcement agencies had begun sharing data provided by a hacker purporting to be Yahoo account information. It is not clear whether this information is thought to be from the same attack or a separate one.
Source: Financial Times