Yahoo, an American multinational technology company, faced pointed questions about exactly when it knew about a cyber-attack that exposed the email credentials of 500 million users. It is a critical issue for the company as it seeks to prevent the breach from affecting a pending takeover by Verizon Inc.
The internet company has so far not provided a clear, detailed timeline about when it was made aware of the breach. The Sunnyvale, California-headquartered company blamed the incident on a “state-sponsored actor” but has not provided any technical information supporting the claim.
“We don’t know a lot. We don’t know how the bad guys broke in. We don’t know when Yahoo first found out,” said Jeremiah Grossman, chief of security strategy of SentinelOne and a former information security officer at Yahoo.
Yahoo was sued on Friday in a California federal court by a user who accused it of gross negligence in its handling of the massive hacking. The suit, filed on behalf of all Yahoo users who had their personal information compromised, sought class-action status and unspecified damages.
Some lawmakers swiftly called for close scrutiny of what the company knew and when.
“As law enforcement and regulators examine this incident, they should investigate whether Yahoo may have concealed its knowledge of this breach in order to artificially bolster its valuation in its pending acquisition by Verizon,” said Richard Blumenthal, a Democratic senator from Connecticut.
Verizon declined to comment on how the breach might affect the deal. Sources familiar with the transaction say Verizon and its advisers are still examining the situation before determining what actions, if any, might be taken.
“Yahoo has never had reason to believe there is any connection between the security issue disclosed yesterday and the claims publicized by a hacker in August 2016. Conflating the two events is inaccurate,” said a Yahoo spokesperson, adding that Yahoo’s investigation was still ongoing.
Sources familiar with the Yahoo investigation said that the company learned of the theft of data – which included encrypted passwords, names and emails but not banking information – only after probing the claims made by Peace, which Yahoo determined were meritless.
From ITvoir News Desk