Senator seeks probe of Yahoo security after massive hack revealedPosted On: Dec. 15, 2016 11:14 AM CST
(Reuters) — A senior Democratic senator on Thursday said he intended to investigate Yahoo Inc.'s cyber security practices after the company announced it had uncovered another massive data breach dating to August 2013 that affected more than 1 billion user accounts.
The haul of data is the largest on record and appears to be separate from a 2014 attack the beleaguered internet company disclosed earlier, Yahoo said Wednesday.
"This most recent revelation warrants a separate follow-up and I plan to press the company on why its cyber defenses have been so weak as to have compromised over a billion users," Sen. Mark Warner, D-Va., said in a statement to Reuters.
Sen. Warner, who will become the top Democrat on the Senate Intelligence Committee next year, described the hacks as "deeply troubling." He said he had repeatedly asked Yahoo for briefings about the 2014 hack, which affected 500 million accounts, but had not received a response.
After the 2014 hack, which was disclosed in September, Sen. Warner asked the U.S. Securities and Exchange Commission to investigate whether Yahoo had fulfilled obligations to inform investors and the public about it.
"If a breach occurs, consumers should not be first learning of it three years later," Sen. Warner said on Thursday. "Prompt notification enables users to potentially limit the harm of a breach of this kind, particularly when it may have exposed authentication information such as security question answers they may have used on other sites."
In a statement Wednesday, Yahoo said the billion stolen user account credentials may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
Verizon Communication Inc. said in October that it might withdraw from an agreement to buy Yahoo's core internet business for $4.83 billion. Following news of the latest hack, Verizon said it would "review the impact of this new development before reaching any final conclusions."