SAN FRANCISCO — Yahoo employees knew in 2014 that a hacker backed by a foreign government had broken into its network, the company said in a securities filing on Wednesday.
But Yahoo did not say whether the attack that year — which led to the theft of data like names, birth dates and encrypted passwords for more than 500 million accounts — was disclosed to senior management at the time.
The timeline of who knew what about the attack and when has become central to the company’s plan to sell its internet operations to Verizon Communications for $4.8 billion.
Yahoo first publicly disclosed the security breach on Sept. 22 this year, about two months after it struck the deal with Verizon. The company said it discovered the hacking, the largest known data breach affecting a private company, while investigating a hacker’s claim in July to have obtained certain Yahoo user data.
The breach was not disclosed to Verizon during negotiations, and last month Verizon executives said that it might have materially diminished the value of Yahoo — and could cause Verizon to reopen the deal, which is expected to close early next year.
In its latest disclosure, part of a quarterly filing about its finances, Yahoo said that it had discovered back in 2014 that a “state-sponsored actor” had gained access to its network. The company did not say what action, if any, it took at the time.
Yahoo also disclosed new details about the attack. The company said its board of directors and forensic experts were investigating “certain evidence and activity that indicates an intruder, believed to be the same state-sponsored actor responsible for the security incident, created cookies that could have enabled such intruder to bypass the need for a password to access certain users’ accounts or account information.”
Yahoo said that law enforcement authorities began sharing data with the company on Nov. 7 that purported to be Yahoo user information obtained by a hacker.
So far, 23 lawsuits related to the breach have been filed against Yahoo in the United States and abroad. The company said it was cooperating with federal, state, local and foreign officials seeking information about the breach.
Continue reading the main story