Yahoo may have just gotten a new name, but its past mistakes keep coming back to haunt its future. The Wall Street Journal reports the company is currently under investigation by the Securities and Exchange Commission for delaying its massive data breach announcements for years.
Following reports that a hacker was selling the private credentials of over 200 million Yahoo accounts last August, the iconic company eventually revealed in September that it had suffered a major attack in 2014, affecting over 500 million users. Later in December, the search engine giant announced yet another billion accounts had been compromised in a breach dating back to 2013.
Now the SEC wants to know why Yahoo kept the lid on these vulnerabilities for years before disclosing them last year. According to reports, a number of employees were aware the company had been infiltrated by a hacker back in 2014, but ultimately opted to remain silent.
The stolen data included names, email addresses, phone numbers, birth dates, hashed passwords, as well as security questions and answers. Later reports suggested the billion snatched credentials were sold on the Dark Web for about $300,000.
The SEC has since requested documents from Yahoo to determine whether the company had legitimate reasons to withhold revealing the breaches to investors.
It remains to be seen whether the investigation will have any impact on Yahoo’s takeover negotiations with Verizon, which is reportedly seeking to shave off $1 billion from the original $4.8 billion buyout agreement.