Whether you have a Yahoo email account or not, chances are you’ve heard of the huge hack attack that compromised some 500 million user accounts. Now there’s a new wrinkle to the story. According to Re/Code, “Yahoo said in a regulatory filing that it had knowledge for two years that a ‘state-sponsored actor’ was hacking into its system.” Indeed, the entire story broke late in September, but in its filing from Wednesday (coincidentally released the same day as election results), Yahoo acknowledged that the company knew of the hack in late 2014. Initially it had stated it was discovered in a recent investigation.
This is just more bad news for the Sunnyvale company as it moves closer to its acquisition by Verizon. The telecom is taking a closer second look at the massive deal — it stated that it knew nothing of this hack until just before Yahoo notified its user base. Worst case here, Verizon may want to lower the price it pays, or could conceivably walk away from the entire thing. Verizon covets the massive Yahoo audience, and wants to expose them to its advertising. But if the user base dwindles due to lack of trust for Yahoo’s security, Verizon may decide the $4.8 billion deal isn’t what it was initially cracked up to be.
The bad news continues for the beleaguered former web titan. Yahoo also revealed in the filing it has been sued 23 times due to the security breach, but is not accounting for it. From Re/Code: “Based on current information, the Company does not believe that a loss from these matters is probable and therefore has not recorded an accrual for litigation or other contingencies relating to the Security Incident.”
To be fair, Yahoo has introduced measures designed to tighten up mail security with Account Key, but at this point with Big Brother Verizon looming over it, you have to wonder of it was too little, too late.
