Yahoo Says Investigating Claim of New Hack of User Databy
Yahoo! Inc. is investigating a new claim that user account data was obtained by a hacker, the latest security challenge for the company as it prepares for the planned acquisition of its core web services by Verizon Communications Inc.
Law enforcement authorities on Monday began sharing certain information they indicated was provided by a hacker who claimed it was Yahoo user account data, the company said Wednesday in a regulatory filing. Yahoo said it’s analyzing the matter with the help of forensic experts.
In the same filing, Yahoo also updated investors on a previously disclosed hack from 2014. In that incident, experts are looking at evidence that indicates a “state-sponsored actor” breached Yahoo’s system and could have gained user data by creating “cookies” that bypassed password protection, the company said in the filing. Yahoo doesn’t believe it is currently possible for the attackers to forge valid Yahoo Mail cookies, according to a source familiar with the matter.
The company revealed the security incident in September, spurred by a hacker’s claim in July that led Yahoo to re-examine the 2014 breach, according to the filing. The continued investigation cost about $1 million during the third quarter, Yahoo said. An independent board committee is investigating how many employees at Yahoo knew about the breach by the state-sponsored actor, and when they knew about this, the company said in the filing.
Chief Executive Officer Marissa Mayer is trying to navigate questions about the security of the web portal’s products while preparing for Verizon to acquire the core internet operations. Yahoo said the $4.8 billion deal is still expected to close in the first quarter of next year.
Bob Varettoni, spokesman for Verizon, declined to comment.