Yahoo Hack, Among Largest Ever, Could Be Work of China, Experts Say

Yahoo Inc (YHOO.O) was sued on Friday by a user who accused it of gross negligence over a massive 2014 hack in which information was stolen from at least 500 million accounts.

Yahoo is to contact users who might be affected and ask them to change their passwords and to use other ways of verifying their accounts. Yahoo, while describing the hack as ‘state sponsored,’ has stopped short of naming the country. Verizon agreed to buy Yahoo’s core properties for $4.83 billion in July, and it’s unclear how the security breach will impact the sale.

The firm has said that user information including names, email addresses, phone numbers, birth dates and encrypted passwords was compromised in the hack in late 2014.

“As law enforcement and regulators examine this incident, they should investigate whether Yahoo may have concealed its knowledge of this breach in order to artificially bolster its valuation in its pending acquisition by Verizon”, Richard Blumenthal, a Democratic senator from Connecticut, said.

Under that theory, it’s more likely that the attackers would have only been interested in a small number of accounts connected to political targets, perhaps even harnessing reused Yahoo credentials or cross-site login features to access their accounts on other sites as well. Affected users are being notified, accounts are being secured, and there’s no evidence the attacker is still in the network, Yahoo also said. What they don’t realize is that it’s still active and their information is still associated with it.

Yahoo credentials have always been relatively affordable on the black market (the 200 million listed earlier this year were reportedly offered for under $2,000), which could be a reflection of the ease with which hackers can obtain them, Finan says. The suit, for which the firm intends to seek class action status, accuses Yahoo of “failure to establish and implement basic data security” and being “grossly negligent” with user data, according to the complaint.

Yahoo declined to comment on “ongoing litigation”.

“The idea that ‘I don’t use that account any more, I don’t have to worry about it.’ – in most cases, unfortunately that’s wrong”, he said. This information, along with answers to security questions, could help hackers break into victims’ online accounts.

In a statement, Verizon said: “We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities”.