Beleaguered communications giant Yahoo said on Wednesday that the major hack its services suffered may have included software “cookies” planted by hackers in order to have continuous access to its users’ accounts.
In September, the company said that hackers might have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords of around 500 million its account holders in 2014.
The revelation came after Yahoo CEO Marissa Meyer had announced in July that the firm had reached an agreement with Verizon to acquire Yahoo’s operating business. The $4.8 billion acquisition may be endangered by Yahoo’s new revelations.
"Forensic experts are currently investigating certain evidence and activity that indicates an intruder, believed to be the same state-sponsored actor responsible for the security incident, created cookies that could have enabled such an intruder to bypass the need for a password to access certain users' accounts or account information," the company said in a November 9, 2016 filing to the US Securities and Exchange Commission.
“Our security measures may be breached as they were in the security incident and user data accessed, which may cause users and customers to curtail or stop using our products and services, and may cause us to incur significant legal and financial exposure,” it noted.
While the breach took place in late 2014, Yahoo didn’t publicise the hack until September 2016. The filing also reveals that investigators are trying to determine the extent of Yahoo’s knowledge of the breach at the time it happened.
Yahoo faces 23 lawsuits filed on behalf of Yahoo users who claim they were harmed by the hack.
Verizon says it will proceed with caution but that the acquisition deal may still go forward.
At the Wall Street Journal's WSJSLive technology conference that took place in October, Verizon Executive Vice President Marni Walden said, "What we have to be careful about is what we don't know."
She added, “We are not going to jump off a cliff blindly, but strategically the deal still does make sense to us.”