Yahoo Under SEC Investigation for Taking too Long to Reveal Data Breaches

January 23, 2017

Yahoo is in big trouble with US authorities due to how it handled the massive data breaches it disclosed last year, more specifically its failure to inform investors of the issues at an earlier time.

The United States Securities and Exchange Commission (SEC) has launched an investigation, the Wall Street Journal reports, which is yet in its early stages. The point of it all is to figure out whether the way Yahoo disclosed the information is in compliance with the civil security laws in place.

Yahoo admitted in a quarterly filing that it was cooperating with federal, state and foreign agencies that were all seeking both information and actual documents regarding the security incident and any related matters.

Last year, Yahoo revealed the top two largest data breaches in history, going as far as to say that a state-sponsored actor at the root of it all, without giving a name.

Yahoo’s hacker problem

The first hack was reported in September. At the time, they said some 500 million user accounts had been affected. Yahoo claimed hackers stole names, email addresses, telephone numbers, dates of birth, hashed passwords, as well as encrypted or unencrypted security questions and answers. Sensitive banking information such as account numbers and credit card data were safe from the prying eyes of the hackers.

The problem is that it all started over a month before this announcement when a hacker claimed to be selling data from 200 million Yahoo users, data that was extracted in 2014. The company announced that it was investigating the situation, but it took nearly two months before it revealed the magnitude of the breach.

The second hack, the largest in history so far, was revealed in December. Then, Yahoo said over 1 billion accounts had been compromised, with the data being stolen in August 2013. This time, the hackers stole names, email addresses, telephone numbers, hashed passwords, dates of birth, as well as encrypted and unencrypted security questions and answer for some of those accounts. Yahoo believes this all happened after unauthorized third party accessed the proprietary code, which it then used to forge cookies.

Yahoo has been in hot water ever since then, especially since it was already in talks of a takeover with Verizon. There have been many questions as to why it took so long for Yahoo to figure out its data has been stolen and just what it does to protect its users across the world.

Read full story…