Yahoo Acknowledges Staff Were Aware of “State-Sponsored” 2014 Hack

Back in 2014, Yahoo experienced a massive data breach which resulted in millions of users having their data compromised. The hack was one of the largest in recent history and took a shockingly long amount of time to be acknowledged by the company. In September, Yahoo admitted that at least 500 million user accounts had been accessed and it’s been suggested many employees were aware of the hack as early as 2014. A filing with the Securities and Exchange Commission reads:

“In late July 2016, a hacker claimed to have obtained certain Yahoo user data. After investigating this claim with the assistance of an outside forensic expert, the Company could not substantiate the hacker’s claim. Following this investigation, the Company intensified an ongoing broader review of the Company’s network and data security, including a review of prior access to the Company’s network by a state-sponsored actor that the Company had identified in late 2014. Based on further investigation with an outside forensic expert, the Company disclosed the Security Incident on September 22, 2016, and began notifying potentially affected users, regulators, and other stakeholders.”

Not so long ago, Senator Mark Warner pleaded with the SEC to investigate Yahoo’s behaviour and knowledge about the hack. The organisation stated:

“Yahoo’s September filing asserting lack of knowledge of security incidents involving its IT systems creates serious concerns about truthfulness in representations to the public,” 

This is a major breach of trust and it seems likely that Yahoo tried to protect their own reputation at the expense of users’ sensitive data. This is a terrible attitude and it’s worrying to think what could have transpired with such a vast amount of information.