The United States Securities and Exchange Commission (SEC) has opened an investigation, analyzing Yahoo due to multiple Information breaches. Authorities are currently investigating whether Yahoo has disclosed its data breaches to investors sooner than expected. Based on the information published in the media, the SEC investigation is still an ongoing process.
The research is bound to examine whether the disclosures made by Yahoo about data breaches adhere to the local securities regulations. In September 2016, Yahoo shared the details regarding its first hack, underlining a state-sponsored actor about two years after the breach happened. About five hundred million accounts were damaged due to this significant data breach is known to be the biggest one ever existing.
At that time, Yahoo stated that even if passwords together with other data were stolen, valuable information like bank and payment data remained untouched. Back in November 2016, Yahoo argued that it was collaborating with foreign, state and federal agencies which were working on revealing the data on the breach in 2014. The list of companies includes many State Attorneys General, the US attorney’s office in Manhattan and the Federal Trade Commission.
In December another hack was unveiled. Unfortunately, more than one billion accounts appeared to have been stolen in August 2013, a year before the previously disclosed attack. In a statement, Yahoo declared that the hackers seemed to have taken the date of birth, hashed passwords, telephone numbers, email addresses, names and, in some cases, they had even stolen unencrypted and encrypted security questions together with their answers.
In the statement, the former tech giant argued that the ongoing investigation showed that the company thinks that and unauthorized third party accessed the property code of the company to find out how to forge cookies. Forensic experts have spotted user accounts for which they thought forged data was taken.
At that time, a Yahoo spokesperson stated that the company is collaborating with law enforcement. In September, Mark Warner, the Democratic senator, required the SEC to analyze the situation, revealing whether Yahoo and its executives managed to accomplish their duties to publish data about the hack from 2014.
Before he found out about the second hack, Warner stated that public companies like Yahoo are required to reveal material events which the shareholders and the public should be aware of.
Image courtesy of: flickr