Yahoo execs botched its response to 2014 breach, investigation finds

Yahoo's security team knew an intrusion had occurred in 2014, but the company failed to properly investigate, an internal committee has found

If your company has experienced a data breach, it's probably a good idea to thoroughly investigate it promptly.

Unfortunately, Yahoo didn't, according to a new internal investigation. The internet pioneer, which reported a massive data breach involving 500 million user accounts in September, actually knew an intrusion had occurred back in 2014, but allegedly botched its response.

The findings were disclosed in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach, which the company has blamed on a state-sponsored hacker.

That breach, which only became public last year, involved the theft of user account details such as email addresses, telephone numbers, and hashed passwords. After Yahoo went public with it, the company established an independent committee to investigate the matter.

The committee found that Yahoo’s security team and senior executives actually knew that a state-sponsored actor had hacked certain user accounts back in 2014, according to the filing. But even as the company took some remedial actions, such as notifying 26 users targeted in the hack and adding new security features, some senior executives allegedly failed to comprehend or investigate the incident further.
