Earlier this year, Yahoo finally officially confirmed that it was hacked back in 2014, leaving 500 million user accounts exposed. While Yahoo only just got around to confirming that it was hacked a few months ago, we did not know when the company first discovered the breach. However, this week in a filing with the Securities and Exchange Commission, Yahoo appears to have admitted that employees were aware of the hack very early on.
At this point, we don't know who was behind the attack on Yahoo in 2014 but the company claims it was carried out by a foreign government entity. While Yahoo may have known about the hack back when it first occurred, it only bothered to tell its users about the breach in July 2016, almost two years later.
The Securities and Exchange Commission filing reads: “In late July 2016, a hacker claimed to have obtained certain Yahoo user data. After investigating this claim with the assistance of an outside forensic expert, the Company could not substantiate the hacker’s claim. Following this investigation, the Company intensified an ongoing broader review of the Company’s network and data security, including a review of prior access to the Company’s network by a state-sponsored actor that the Company had identified in late 2014”.
According to the filing, so far 23 class-action lawsuits have also been filed against Yahoo in response to this hack and the company's lack of disclosure to affected users.
KitGuru Says: If Yahoo knew about the attack as far back as 2014, then it raises some serious questions about the company's policies and practises. Millions of users had their information stolen and failing to disclose that fact sooner is a huge misstep on Yahoo's part.