Yahoo! under fire for slow response to large-scale account hack

Over half of Yahoo!'s approximately 1 billion account holders worldwide had their data stolen by a 'state-sponsored' actor during a 2014 hack.

Details of the hack, likely one of the largest in history, only came to light last week following a two-month investigation by Yahoo! ahead of its planned sale to Verizon Communications. Earlier in the year, Yahoo disclosed that it was following up claims that a hacker was offering to sell large volumes of Yahoo! user data online. The hacker, known as ‘Peace of Mind’, is also responsible for selling data dumps obtained through large-scale hacks on both LinkedIn and MySpace. However, the 200 million accounts’ worth of Yahoo! information listed online by Peace of Mind largely covered accounts that had been disabled or were no longer in use, and a $2,000 sell price for the information suggests that the data was very low quality.

Details remain foggy

A statement released by Yahoo! on Thursday evening claimed that ‘state-sponsored’ hackers were responsible for the 2014 breach, but declined to elaborate on why it has taken almost two years for Yahoo! to disclose the breach to the public. There has been no indication as to when Yahoo! itself learned about the theft, how the theft was carried out, or how Yahoo arrived at its conclusion that a state-sponsored hacker was behind the attack.

‘Unacceptable’ delay

Suitor Verizon Communications has so far stayed quiet about the future of its planned $4.8bn acquisition of Yahoo!’s assets in light of the disclosure. Yahoo reportedly only informed Verizon of the breach two days before it went public with the information, and its impact upon the terms of Verizon’s planned acquisition will depend on the extent of the due diligence already conducted. However, members of the US Senate have been considerably more vocal in their criticism of Yahoo. On Tuesday, six Democratic senators co-authored a letter to Yahoo! that lambasts the company for failing to detect the breach until almost two years after it took place. ‘That means that millions of Americans’ data may have been compromised for two years,’ they said. ‘This is unacceptable.’

Sources: BigLaw Business; Reuters; Fortune; The Guardian
