As social media giant Yahoo tries to assuage user concerns about a 2014 cyber security attack that exposed private information, the internet firm faced tough questions from a Senate hearing regarding the timeline of the discovery and the delay in reporting it.

The probe comes at a time when Yahoo is in negotiations with Verizon for a takeover of its core business, and it is unknown if the company knew of the breach before announcing the Verizon deal last July.

Although Yahoo claims to have detected the security breach just months ago during a review after what it terms an “unrelated” and “meritless” hack, it has not yet identified when it was first made aware of the 2014 attack or explained why its users were not notified in a timely manner.

As many as 500 million user accounts were hacked, something lawmakers called, “unacceptable.”

“That means millions of Americans’ data may have been compromised for two years,” six Democrat senators wrote in a letter to Yahoo Chief Executive Marissa Mayer, whose spokesman said the company would reply “in a timely and appropriate manner.”

The senators demanded information about Yahoo’s investigation on the breach and its plans to protect those users who were affected and prevent such attacks in the future.

Yahoo has stated that it believes the hack was committed by a “state actor,” although the company has declined to be more specific in naming a likely suspect.

“The stolen data included usernames, passwords, email addresses, telephone numbers, dates of birth, and security questions and answers,” according to the Senate Privacy Subcommittee members.

Federal Trade Commission Chairwoman Edith Ramirez has said that prompt disclosure of such breaches, preferably within 60-days, is “a priority,” but declined to say if the FTC is investigating Yahoo.

 

 

 

Send this to friend