• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Yahoo! Fined 35 Million USD For Late Disclosure Of Hack

May 4, 2018

Views: 3,799

Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 years delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public – Massive Yahoo Hack – 500 Million Accounts Compromised.

Yahoo! Fined 35 Million USD For Late Disclosure Of Hack

Yahoo! has been having a rocky time for quite a few years now and just recently has sold Flickr to SmugMug for an undisclosed amount, I hope that at least helps pay off some of the fine.

The Disaster Formerly Known as Yahoo! has been fined $35m by US financial watchdog, the SEC, for failing to tell anyone about one of the world’s largest ever computer security breaches.

Now known as Altaba following its long, slow and painful descent in irrelevance, Yahoo! knew that its entire user database – including billions of usernames, email addresses, phone numbers, birthdates, passwords, security questions – had been grabbed by Russian hackers back in December 2014 – just days after the break-in occurred.

Security staff informed senior Yahoo! management and its legal department, who then demonstrated the same kind of business and strategic nous that saw the company fold into itself when they decided to, um, not tell anyone.

It wasn’t until two years later when telco giant Verizon said it wanted to buy the troubled company that Yahoo! finally revealed the massive breach.

The SEC is, understandably, not overly impressed. “Yahoo! failed to properly investigate the circumstances of the breach and to adequately consider whether the breach needed to be disclosed to investors,” it said Tuesday, before the co-director of its enforcement division, Steven Peikin, gave what amounts to a vicious burn in the regulatory world.

“We do not second-guess good faith exercises of judgment about cyber-incident disclosure,” said Peikin. “But we have also cautioned that a company’s response to such an event could be so lacking that an enforcement action would be warranted. This is clearly such a case.”

Honestly, it was a pretty shady move, they knew about the compromise DAYS after the incident, it was escalated to the legal team and the senior management – they had material information but they chose to sit on it until the Verizon acquisition was on the table and due diligence would have uncovered it anyway.

Not exactly responsible disclosure or doing the best for the customers is it? But then, that’s Yahoo! and decisions like that demonstrate exactly why they are irrelevant today in 2018.

Another SEC staffer – director of its San Francisco office, Jina Choi, also piled in, noting that: “Yahoo!’s failure to have controls and procedures in place to assess its cyber-disclosure obligations ended up leaving its investors totally in the dark about a massive data breach. Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”

Yahoo! should have let investors know about the massive breach in its quarterly and annual reports because of the huge business and legal implications to its business, the SEC said.

But it didn’t of course – probably because it was already desperate to get someone to buy it following years of abortive efforts by CEO Marissa Meyer to turnaround what was once the internet’s poster child.

The SEC also found that Yahoo! did not share information on the breach with either auditors or its outside lawyers. The Canadian who helped the Russians gain access to the data faces eight years in jail.

Yahoo! has “neither admitted nor denied the findings in the SEC’s order” – which is so Yahoo!.

For some reason Verizon still bought the dried out husk of the company in June 2017, although it extracted a significant reduction in the share price. It paid $350m less than its initial offer but it is estimated that it will cost Verizon $500m to clean up the mess Yahoo! left behind.

I’m starting to wonder if they will even still exist in 2025 or will have totally faded to join AskJeeves and Altavista.

The only value in Yahoo! today is basically it’s stake in Alibaba, Verizon bought it for 5% of it’s peak value and now it’s probably worth even less (Maybe only $1-2 Billion vs $100 Billion at its peak).

Source: The Register

Share386
Tweet58
Share
Buffer28
WhatsApp
Email
472 Shares

Filed Under: Hacking News Tagged With: yahoo



Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

AgentSmith HIDS - Host Based Intrusion Detection

AgentSmith HIDS – Host Based Intrusion Detection

padre - Padding Oracle Attack Tool

padre – Padding Oracle Attack Exploiter Tool

Privacy Implications of Web 3.0 and Darknets

Privacy Implications of Web 3.0 and Darknets

DataSurgeon - Extract Sensitive Information (PII) From Logs

DataSurgeon – Extract Sensitive Information (PII) From Logs

Pwnagotchi - Maximize Crackable WPA Material For Bettercap

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap

HardCIDR - Network CIDR and Range Discovery Tool

HardCIDR – Network CIDR and Range Discovery Tool

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (225)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (430)
  • Forensics (64)
  • Hacker Culture (8)
  • Hacking News (228)
  • Hacking Tools (681)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (72)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (218)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,180,652)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,172,331)
  • Top 15 Security Utilities & Download Hacking Tools (2,095,302)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,198,652)
  • Password List Download Best Word List – Most Common Passwords (931,742)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (774,386)
  • Hack Tools/Exploits (672,571)
  • Wep0ff – Wireless WEP Key Cracker Tool (528,815)

Search

Recent Posts

  • AgentSmith HIDS – Host Based Intrusion Detection August 31, 2023
  • padre – Padding Oracle Attack Exploiter Tool May 28, 2023
  • Privacy Implications of Web 3.0 and Darknets March 31, 2023
  • DataSurgeon – Extract Sensitive Information (PII) From Logs March 21, 2023
  • Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap February 12, 2023
  • HardCIDR – Network CIDR and Range Discovery Tool December 29, 2022

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2023 Darknet All Rights Reserved · Privacy Policy