Yahoo had evidence of security breach 18 months before it began investigating

A hack that affected at least 500 million Yahoo accounts has raised questions about whether Verizon will ask for a discount or other changes to their deal.
(Ritchie B. Tongo / European Pressphoto Agency)

Yahoo Inc. detected evidence that a hacker had broken into its computer network at least 18 months before launching an investigation that discovered personal information had been stolen from about 500 million user accounts.

The timeline outlined in a regulatory filing raises further questions about why it took Yahoo so long to realize the severity of its security breakdown. It also could provide Verizon Communications Inc. with reason to revise or terminate its $4.8-billion deal to buy Yahoo’s online services.

Yahoo disclosed the size of the breach seven weeks ago. At that time, Yahoo traced its findings to an inquiry opened in late July, around the same time Verizon announced its agreement to buy Yahoo’s email service, digital advertising tools and sections devoted to news, sports, finance and entertainment.

Verizon says it wasn’t informed of the hacking attack until a few days before Yahoo told its users in late September.


In its regulatory filing late Wednesday, Yahoo acknowledged that the company first became aware of the hack in late 2014. The Sunnyvale, Calif.-based company said its board is now investigating how much was known in 2014.

Verizon declined to comment on Yahoo’s latest disclosure. The company’s executives have previously said Verizon is reevaluating its deal with Yahoo because the breach could alienate a large swath of users who may rely on Yahoo’s email and other services less frequently in order to protect their privacy. If there is a user backlash, Yahoo’s services wouldn’t be worth as much to Verizon, which is counting on a large audience to sell more digital advertising.

Yahoo has sought to reassure its users that the hacker no longer has access to its computers. The company also has prompted users to change their passwords and security questions to protect their accounts.

In its regulatory filing, Yahoo also revealed that the hacker created computer coding known as “cookies” that would enable someone to view information in user accounts without the need for a password. The company also said it will analyze information turned over by the FBI from a hacker claiming it came from Yahoo accounts. 



Trump wants to replace Obamacare. But it’s not that simple.

What would a recreational marijuana market in California look like?

People line up to buy Snapchat Spectacles, available only in pop-up vending machines