New Filing Confirms Yahoo Was Aware of Large-Scale Email Hack in 2014 - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

New Filing Confirms Yahoo Was Aware of Large-Scale Email Hack in 2014

by

In September, Yahoo confirmed that at least 500 million of its users' accounts had been compromised during an attack in late 2014. Now, in a recent filing with the Securities and Exchange Commission, it was revealed that the company knew about the hack when it originally happened in 2014, but waited two years to divulge it to the public (via TechCrunch)

Describing the investigation, the new SEC filing notes a "state-sponsored actor" who gained access to the company's network in late 2014, along with Yahoo's awareness and identification of the individual in question during the same time period. Information stolen included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.

yahoo

In late July 2016, a hacker claimed to have obtained certain Yahoo user data. After investigating this claim with the assistance of an outside forensic expert, the Company could not substantiate the hacker’s claim. Following this investigation, the Company intensified an ongoing broader review of the Company’s network and data security, including a review of prior access to the Company’s network by a state-sponsored actor that the Company had identified in late 2014. Based on further investigation with an outside forensic expert, the Company disclosed the Security Incident on September 22, 2016, and began notifying potentially affected users, regulators, and other stakeholders.

Now a board made up of independent counsel and a forensic expert is said to be investigating "the scope of knowledge within the company in 2014," as well as Yahoo's basic security measures and related incidents. The filing describes $1 million in losses for Yahoo relating to the security breach so far.

Additionally, Yahoo said that 23 class action lawsuits have been filed against the company by consumers targeted by the security breach in 2014, in both federal and state courts, as well as foreign courts. Plaintiffs in the cases claim to have been "harmed by the company's alleged actions and/or omissions" relating to the hack. The scope and monetary damages sought by each consumer was not divulged.

In attempts to move past the incident, Yahoo is cooperating with federal, state, and foreign governments and agencies who are investigating the hack. The biggest blowback for Yahoo might still be in its planned sale to Verizon, the latter company now asking for a $1 billion discount due to Yahoo's current turbulent drama with the news of the 2014 hack.

Tag: Yahoo

Top Rated Comments

macduke Avatar
126 months ago
I'd hope Yahoo gets into huge legal trouble for this, but all that does is hurt the lowly employees who lose their jobs as the company breaks apart. The executives that make these decisions never suffer any real-world consequences, and can bail out with their golden parachute as if nothing happened. We need to go after the executives and take the money out of their pockets. Once we strike fear into the heart of executives nation wide, then and only then will we have any real positive change for consumers. Executives who take clear, obviously negative actions that knowingly put their customers at risk should be held personally accountable—not the company itself. It should be a part of the assumed responsibility and risk you take in exchange for making millions of dollars per year.
Score: 9 Votes (Like | Disagree)
A MacBook lover Avatar
126 months ago
Marissa Mayer is a joke, how on earth is she still running yahoo?
Score: 7 Votes (Like | Disagree)
duervo Avatar
126 months ago
Screw Yahoo! Mail. I setup my own personal email server. It has classified material in it, but I don't care.
Score: 2 Votes (Like | Disagree)
CarlJ Avatar
126 months ago
Information stolen included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.
This is why not only do I have separate, long, random, passwords for every single site (thanks 1Password), but I also never answer "security questions" with legit answers. It's like they're saying, "please set up one secure password, plus three more that someone can find out by googling you". So my "security answers" are all completely nonsensical. By the way, my parents are Atilla the Hun and Joan of Arc, and I was born in 1752 in Mare Tranquillitatis on the moon.
Score: 2 Votes (Like | Disagree)
126 months ago
I thought there was a law that stated that a company must go public within 90 days if more than 500 people were affected. If that is true and Yahoo waited 2 years to go public, then I see a huge class action lawsuit coming.
Score: 2 Votes (Like | Disagree)
MacBH928 Avatar
126 months ago
1 word: ProtonMail

and thanks for this post reminding me to close my yahoo accounts
Score: 1 Votes (Like | Disagree)

Popular Stories

iCloud iPhone 17 Pro

iPhone Users Who Pay for iCloud Storage Get Two New Perks on iOS 27

Thursday July 2, 2026 6:10 am PDT by
If you pay for certain iCloud+ storage plans beyond the 5GB that Apple offers for free, you will receive two more perks on iOS 27 at no additional cost. A summary of the two new iCloud+ perks on iOS 27:Increased daily usage limits for some new Apple Intelligence features, including image generation in the revamped Image Playground app. HomeKit Secure Video cameras receive generated video...
Apple Event Logo

Apple Just Released a New Product

Thursday July 2, 2026 8:04 am PDT by
Apple's first product release of summer 2026 occurred this week, but do not get too excited, as it is merely the Beats Solo Buds in a new color. Beats Solo Buds are now offered in orange through Best Buy in the U.S., with availability set to expand to 7-Eleven stores in Japan on July 4. Apple already offered orange Solo Buds in India for free with the purchase of an iPhone 15 or iPhone 15 ...
iPhone 4 on Black Feature

Apple Facing One of Its Worst Leaks Since the iPhone 4

Thursday July 2, 2026 9:53 am PDT by
Apple supplier Tata Electronics recently suffered a cyberattack that resulted in thousands of confidential files being published on the dark web, and this reportedly included some photos and documents related to the upcoming iPhone 18 Pro. We have elected not to share any of the leaked photos in this story due to the illegal nature in which they were obtained, but they can easily be found...