US senators slam 'troubling revelation' Yahoo failed to report 'biggest ever' breach for years
In 2014, Yahoo claims a 'state-sponsored' hacker stole 500 million accounts.
Half a dozen US senators have blasted internet giant Yahoo for the "troubling revelations" that 500 million user accounts were compromised by hackers in 2014 and have called for immediate answers as to why the firm took two years to tell the public about the loss of data.
In an official congressional letter addressed directly to Yahoo chief Marissa Mayer, the six lawmakers said they were "disturbed" that millions of Americans' data may have been in-the-wild for two years. "This is unacceptable," they said.
The hack at Yahoo is believed to be the biggest known data breach in history, with stolen information including names, email addresses, telephone numbers, dates of birth, security questions and hashed passwords. In a statement, the organisation blamed a "state-sponsored actor."
"Consumers put their trust in companies when they share personal and sensitive information with them, and they expect all possible steps be taken to protect that information," wrote Senators Patrick Leahy, Al Franken, Elizabeth Warren, Richard Blumenthal, Ron Wyden and Edward Markey.
The letter continued: "This breach is the latest in a series of data breaches that have impacted the privacy of millions of American consumers in recent years, but it is by far the largest.
"This is highly sensitive personal informationthat hackers can use not only to access Yahoo customer accounts, but also potentially to gain access to any other account or service that users access with similar login or personal information, including bank information and social media profiles."
In a series of formal questions, the officials demanded Yahoo "provide a briefing" to Congress about the ongoing investigation into the breach. It asked for information on when Yahoo first became aware of the incident, if the firm has changed its security protocols and how it came to the conclusion that a state-sponsored hacker was responsible.
"In light of the troubling revelations, please answer the questions to help Congress and the public better understand what went wrong and how Yahoo intends to safeguard data and protect its users, both now and in the future," the letter stated.
In a statement, a Yahoo spokesperson said: "We have received the letter and will work to respond in a timely and appropriate manner." The scathing demands of the US senators came after the FBI revealed it was looking into the claims of nation-state involvement.
As the dust settles following the news of the hack, it remains to be seen if the major breach will have an impact on the ongoing takeover deal with Verizon, which bought Yahoo's core business for $4.8bn (£3.6bn) in July this year.
In a statement, Verizon said it may "evaluate" its position as more information comes to light. "We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact," it stated.
"We will evaluate as the investigation continues through the lens of the overall Verizon interests, including consumers, customers, shareholders and related communities. Until then, we are not in a position to further comment."
If you are concerned about the Yahoo data breach – follow our guide on how to check if you're affected and what to do next
© Copyright IBTimes 2024. All rights reserved.