Yahoo! Inc. (NASDAQ:YHOO) revealed recently that data of 500 million accounts were stolen in 2014 by hackers. This makes it the biggest ever cyber breach in the world. It is three times bigger in size than any other attack on sites like eBay Inc. The company also said there was a state-sponsored actor behind the incident. However, the identity of the hackers has not been disclosed. The attack affected 500 million Yahoo accounts.
Data stolen includes names, telephone numbers, birth dates, email addresses, and the encrypted passwords. Luckily, information about bank accounts and credit card details were not compromised.
The attack was discovered only recently, though it goes back to 2014. There were reports of another breach in August. That proved false, but Yahoo ended up discovering the 2014 data theft. The company has hired cyber security firm Stroz Friedberg to further investigate the hacking.
US Senator Wants a Detailed Probe
Democratic Senator, Mark Warner, now says that the U.S. Securities and Exchange Commission should investigate the matter. They need to find out whether Yahoo and its senior executives adequately informed the public and investors about this hacking. The FBI has also been asked to investigate the incident.
In a letter to the SEC, Warner said, “Disclosure is the foundation of federal securities laws, and public companies are required to disclose material events that shareholders should know about”.
Yahoo has faced questions on when it discovered the cyber attacks. Warner questions whether Yahoo (NASDAQ:YHOO) “made complete and accurate representations” of their information technology and security systems. They must do a thorough evaluation of its systems and make a full report of the data breach, he said.
Businesses Do Not Publish Details
However, Reuters reported in 2012 that companies often omit details of breaches. The SEC has guidelines on how such hacking incidents should be reported, but that is ignored. This time, though, it might be different because of the size of the violation.
The state of Massachusetts has also asked for more information from the company. However, so far, Yahoo has not furnished any clear timeline on when more details of the breach will be made public.
Meanwhile, Yahoo has asked its users to change their passwords. It has however not been made mandatory. The company has assured all, saying that everything will be done to prevent such attacks in the future.