Regarding the massive hack of its services, Yahoo have provided more details including that the culprits may already have planted software “cookies” for the access to its user base information.
These revelations can actually jeopardize the company’s pending $4.8 billion acquisition by US telecom giant Verizon. The company said it was trying to pin down the information like, when was the first time their security was breached and also to find if hackers gave themselves a way to get back into accounts whenever they wished.
“Forensic experts are currently investigating certain evidence and activity that indicates an intruder, believed to be the same state-sponsored actor responsible for the security Incident, created cookies that could have enabled such intruder to bypass the need for a password to access certain users’ accounts or account information,” Yahoo said in a filing with the US Securities and Exchange Commission.
There is no evidence the state-sponsored actor is still active in the California-based company’s network, Yahoo told regulators.
Investigators are also trying to figure out how much people at Yahoo knew about the hack in late 2014, when the breach took place, according to the filing.
Yahoo announced the breach in September, saying it affected at least 500 million customers.
Stolen user information included names, email addresses and answers to security questions, but did not include payment card data or unscrambled passwords, according to the company.
The company warned users after checking into a hacker’s claim of having stolen data. Yahoo said in the SEC filing that law enforcement officials this week shared more data that a hacker claimed was pilfered from Yahoo, saying it was checking the authenticity.
There have been 23 lawsuits filed on behalf of Yahoo users claiming they were harmed by the hack, according to the filing.
A Verizon executive overseeing the purchase of Yahoo said last month that the deal was moving ahead pending the outcome of an investigation into the hack.
“We are not going to jump off a cliff blindly, but strategically the deal still does make sense to us,” Verizon executive vice president Marni Walden said at a technology conference in California.
“What we have to be careful about is what we don’t know.” He declined to comment on what information or circumstances might cause Verizon to walk away from the deal inked in July.
Latest posts by William Fieldhouse (see all)
- A John McAfee-Backed ICO Exposed Thousands of Peoples Documents Due to Security Blunder - April 26, 2018
- Latest Hacking News Podcast #13 - April 17, 2018
- Latest Hacking News Podcast #12 - April 16, 2018