Yahoo’s having a terrible 2016: After it was acquired for a pittance by Verizon in July, the company admitted to a massive breach that took place in 2014 and saw hackers make off with 500 million users’ personal information.
Its new owner subsequently sought a billion-dollar discount on its purchase. As if things couldn’t get much worse, the company noted in a filing with the US Securities and Exchange Commission that at least some of its staff were aware of the breach in 2014, and that’s it’s currently evaluating whether the hackers have gained access to users’ accounts.
That’s bad – really, really bad. The company said that earlier this week, “law enforcement authorities began sharing certain data that they indicated was provided by a hacker who claimed the information was Yahoo user account data,” and that it will “analyze and investigate the hacker’s claim that the data is Yahoo user account data.”
Clearly, Yahoo will have its hand full with this investigation. What’s odd is that it the company this long to admit that it was hacked. In the filing, it said:
An Independent Committee of the Board, advised by independent counsel and a forensic expert, is investigating, among other things, the scope of knowledge within the Company in 2014 and thereafter regarding this access, the Security Incident, the extent to which certain users’ account information had been accessed, the Company’s security measures, and related incidents and issues.
Yahoo will also look into whether the hackers, which it believes are state-sponsored, created cookies that would have allowed them to bypass Yahoo’s security measures and “access certain users’ accounts or account information.”
Add to that the fact that the company is facing 23 class-action lawsuits filed by users who claim to have been impacted by the breach, and the possibility of Verizon looking to “terminate the Stock Purchase Agreement or renegotiate the terms of the Sale transaction,” and you have the recipe for the gloomiest holiday season ever.