Latest in Gear

Image credit:

Yahoo admits some staff knew of 2014 hack

The company says people were aware that a 'state-sponsored actor' accessed its networks before its 2016 disclosure.
Matt Brian, @m4tt
November 10, 2016
Share
Tweet
Share

Sponsored Links

Noah Berger/Bloomberg via Getty Images

As Yahoo attempts to piece together how a hacker accessed 500 million user accounts back in 2014, the company has now admitted that some employees knew of a security breach when it happened. In a filing with the SEC, Yahoo said that while it only disclosed news of the attack in August, a "state-sponsored actor" had accessed its network two years ago but it didn't quite know the extent of the damage at the time.

"The Company had identified that a state-sponsored actor had access to the Company's network in late 2014," Yahoo said in its filing. "An Independent Committee of the Board, advised by independent counsel and a forensic expert, is investigating, among other things, the scope of knowledge within the Company in 2014 and thereafter regarding this access, the Security Incident, the extent to which certain users' account information had been accessed."

In the same statement, Yahoo said it is looking into whether the same hacker was able to create cookies that would allow them to access user account data without the need for a password. Since the disclosure, law enforcement agencies have also shared data provided by an attacker. Yahoo is now assessing whether user details are from the 2014 hack or from a separate intrusion.

Account information stolen in the attack is thought to include email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority of which were encrypted) and possibly security questions and answers too. The hack has already cost Yahoo $1 million, but it may run into the billions if Verizon pushes for money off its latest acquisition.

Verizon owns Engadget's parent company, Verizon Media. Rest assured, Verizon has no control over our coverage. Engadget remains editorially independent.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Samsung's older smart TVs are losing remote control app support

Samsung's older smart TVs are losing remote control app support

View
See every square foot of asteroid Bennu, Earth's little frenemy

See every square foot of asteroid Bennu, Earth's little frenemy

View
Dell's XPS 15 and 17 leak with sleek new designs

Dell's XPS 15 and 17 leak with sleek new designs

View
Vizio SmartCast TVs add 30 new free TV channels

Vizio SmartCast TVs add 30 new free TV channels

View
WhatsApp imposes even stricter limits on message forwarding

WhatsApp imposes even stricter limits on message forwarding

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr