Yahoo hacking probe accelerates as U.S. said to charge four
(Bloomberg) -- U.S. officials are planning to unseal charges against four people, including two linked to the Russian intelligence service, related to the hacking attacks against Yahoo! Inc., according to a person briefed on the matter.
The Justice Department is accusing them of participating in massive online security breaches that compromised hundreds of millions of user accounts, said the person, who asked not to be identified because it was a sensitive legal matter. The hacks came to light last year and threatened to derail the sale of Yahoo’s web operations to Verizon Communications Inc.
One of the people was arrested in Canada Tuesday and was scheduled to appear in court Wednesday for an extradition hearing, according an officer with the court in Hamilton, near Toronto. Additional details weren’t immediately. Three of the suspects are believed to be in Russia, according to the person. Representatives of Sunnyvale, California-based Yahoo and the Justice Department declined to comment.
The security breach, which happened years earlier, was revealed almost five months after Verizon’s initial offer in July to acquire Yahoo’s key internet assets including its finance, sports and other websites. Verizon then insisted on a better deal and ultimately, trimmed its offer price by $350 million to $4.48 billion.
Yahoo has been afflicted by two major breaches in recent years. The company said in December that cyber-thieves in 2013 siphoned information including users’ email addresses, scrambled account passwords and dates of birth. The stolen data could allow criminals to go after more sensitive personal information elsewhere online. Earlier in September, Yahoo disclosed another breach dating back to 2014 that had affected about 500 million customer accounts.
The company hasn’t been able to identify the intruders associated with the 2013 breach, according to a filing this month. Yahoo also has said it believes the thief in the 2014 hack was a “state-sponsored actor,” though two people familiar with the matter have said it wasn’t certain a nation-state was involved.
The hacks recently led to management changes at Yahoo. General Counsel Ronald Bell left the web portal after the company found its legal team had had enough information about the security breaches to warrant further inquiry, but didn’t sufficiently pursue it. Chief Executive Officer Marissa Mayer didn’t receive a cash bonus last year. A committee found no intent to suppress information about the hacks, but said key executives should have done more when the issues was discovered.
The breaches have resulted in millions of dollars in legal and investigative costs, according to company filings, and spurred more than 40 lawsuits. Yahoo also continues to work with the U.S. Securities and Exchange Commission, Federal Trade Commission, the Manhattan U.S. Attorney’s Office, and two state attorneys general on related inquiries.
--With assistance from Josh Wingrove and Gerrit De Vynck