23 January 2017, India:
U.S. authorities are investigating whether Yahoo Inc.’s two massive data breaches should have been reported sooner to investors, according to people familiar with the matter, in what could prove to be a major test in defining when a company is required to disclose a hack WSJ reported.
Yahoo said in a November 2016 quarterly filing that it was “cooperating with federal, state and foreign” agencies, including the SEC, that were seeking information and documents about a “security incident and related matters.”
The SEC is investigating whether two massive data breaches at Yahoo should have been reported sooner to investors, the Wall Street Journal reported on Sunday, citing people familiar with the matter as per the report by Business Standard.
In a statement, Yahoo said the hackers may have stolen names, email addresses, telephone numbers, hashed passwords, dates of birth, and, in some cases, encrypted or unencrypted security questions and answers.
Also read- Yahoo Early Days – The King Of The Dot Com Era!
“Based on the ongoing investigation, the company believes an unauthorized third party accessed the company’s proprietary code to learn how to forge cookies,” the statement said. “The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used.”
Yahoo is in the process of being acquired by Verizon and already these two hacks have threatened to derail that deal. Verizon originally agreed to pay $4.8 billion for the company, but it is reportedly seeking a $1 billion discount after details of the hackings came to light. An SEC investigation is sure to heap further pressure on. Already, the news has sent Yahoo’s share price down as per the report by TechCrunch.
Yahoo has advised its users to review all of their online accounts for suspicious activity and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account. The company further recommended that users avoid clicking links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information. Additionally, Yahoo recommended using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether. (Image-Justin Sullivan/Getty Images)
