Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Yahoo! agrees to pay $35mn penalty for data breach

Yahoo! agrees to pay $35mn penalty for data breach

YahooWashington : Yahoo!, now known as Altaba, which was charged with failing to disclose a massive data breach, has agreed to pay $35 million in penalty to the US Securities and Exchange Commission (SEC).

In a statement late on Tuesday, the SEC said the entity formerly known as Yahoo! Inc. has agreed to settle charges that it misled investors by failing to disclose one of the world’s largest data breaches in which hackers stole personal data relating to its three billion users.

According to the SEC’s order, within days of the December 2014 intrusion, Yahoo’s information security team learned that Russian hackers had stolen what the security team referred to internally as the company’s “crown jewels”.

There “crown jewels” were usernames, email addresses, phone numbers, birthdates, encrypted passwords, and security questions and answers for hundreds of millions of user accounts.

The fact of the breach was not disclosed to the investing public until more than two years later, when in 2016 Yahoo was in the process of closing the acquisition of its operating business by Verizon Communications, Inc, the statement read.

“We do not second-guess good faith exercises of judgment about cyber-incident disclosure. But we have also cautioned that a company’s response to such an event could be so lacking that an enforcement action would be warranted. This is clearly such a case,” said Steven Peikin, Co-Director of the SEC Enforcement Division.

The SEC statement said that when Yahoo filed several quarterly and annual reports during the two-year period following the breach, the company failed to disclose the breach or its potential business impact and legal implications.

“Instead, the company’s SEC filings stated that it faced only the risk of, and negative effects that might flow from, data breaches,” it added.

In addition, the SEC found that Yahoo did not share information regarding the breach with its auditors or outside counsel in order to assess the company’s disclosure obligations in its public filings.

Verizon acquired Yahoo’s operating business in June 2017 for $4.48 billion. Yahoo has since changed its name to Altaba Inc.

—IANS

Yahoo! agrees to pay $35mn penalty for data breach

All 3 billion user accounts were hacked in 2013: Yahoo

YahooSan Francisco : Revealing last year that its one billion user accounts were affected by a data breach in 2013, Yahoo has now announced that all of its users — nearly 3 billion at that time — were impacted by the massive data breach.

Yahoo, now part of Oath — a subsidiary of Verizon — said late on Monday that it is providing notice to additional user accounts affected by an August 2013 data theft previously disclosed by the company on December 14, 2016.

At that time, Yahoo disclosed that more than one billion of the approximately three billion accounts existing in 2013 had likely been affected.

“Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft,” Yahoo said in a statement.

Yahoo is now sending email notifications to the additional affected user accounts.

“The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement,” the statement further said.

Yahoo was acquired by Verizon for $4.48 billion.

“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, Chief Information Security Officer, Verizon.

“Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources,” McMohan added.

Last yeat, Yahoo disclosed a new security breach that may have affected more than one billion user accounts.

“For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” said Bob Lord, Chief Information Security Officer, Yahoo.

—IANS

Twitter holds merger talks with Yahoo: Reports

Twitter holds merger talks with Yahoo: Reports

twitteryahooNew York,(IANS) Executives from the sinking micro-blogging website Twitter have met Yahoo CEO Marissa Mayer to discuss merger possibilities, the media reported.

At the management meeting, Twitter and Yahoo executives spent several hours hashing out Yahoo’s financials and whether a strategic combo might make sense, a source close to the talks told the New York Post on Friday.

“Twitter is the destination for instant news and Yahoo has a lot of eyeballs on its site. The idea is not as crazy as you might think,” the source was quoted as saying.

According to the report, Twitter appeared mainly interested in taking information out of Yahoo and it bowed out of the bidding process soon. Twitter CEO Dorsey did not show up for the Yahoo meeting.

“When your CEO does not show up for a management meeting, you have to wonder how serious it was,” the source said, adding that Twitter’s interest was not driven by “some huge thesis – it was a flyer”.

Meanwhile, a Twitter spokesperson has said that the company does not comment on rumour and speculation.

Yahoo officials declined to comment.

Second-round bids for Yahoo’s core internet business are due early next week with telecom giant Verizon still seen as leading the pack.