Yahoo sale to Verizon delayed, following revelation of massive security breaches

Graham Cluley

Yahoo sale to Verizon delayed, following revelation of massive security breaches

Yahoo sale to Verizon delayed, following revelation of massive security breaches

The Daily Telegraph reports:

Yahoo revealed its $4.8bn deal to offload its main web business to Verizon Communications has been delayed, just hours after it emerged the company is under investigation for the two record data breaches that have cast a shadow over the sale.

The American internet company had been due to sell its core business to Verizon during the first three months of the 2017. However, in a twist to the already troubled deal, Yahoo disclosed this evening that the disposal is now not expected to complete until the second quarter.

It came as reports from the US indicated Yahoo is being investigated by the Securities and Exchange Commission (SEC) over whether it should have announced the huge data breaches to investors sooner.

If you recall, Yahoo revealed in September 2016 that the personal data of over 500 million users had been stolen by hackers in 2014.

That was bad enough, but then in December it disclosed that in a separate breach over one billion accounts had had their details breached backed in 2013.

We already know that some Yahoo staff knew as far back as 2014 that it had been hacked.

As Reuters explains, the SEC will want to know whether Yahoo deliberately chose not to inform investors of the security breaches:

Securities industry rules require companies to disclose cyber breaches to investors. Although the SEC has long-standing guidance on when publicly traded companies should report hacking incidents, companies that have experienced known breaches often omit those details in regulatory filings, according to a 2012 Reuters investigation.

Democratic U.S. Senator Mark Warner asked the SEC in September to investigate whether Yahoo and its senior executives fulfilled obligations to inform investors and the public about the 2014 hacking attack.

If the Verizon/Yahoo deal ends up going ahead at all, my guess is that Verizon is not going to be paying the $4.8 billion it originally offered Yahoo.

Which is obviously good news for Verizon. I mean, imagine if they had only found out about these massive security breaches after they had acquired Yahoo? They might feel like they weren’t in possession of all the facts to make an accurate assessment of how much Yahoo was worth.

If you’re in the business of scooping up another company, you probably want to uncover all of its dirty little secrets before you open your wallet.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

3 Replies to “Yahoo sale to Verizon delayed, following revelation of massive security breaches”

  1. In this case it was anything but a "dirty little secret". It was a whopping great big data breach that they kept secret and Yahoo deserve the sale to fall through because of their mendaciousness.

  2. This is karma. Yahoo's chief security guy warned the board, tried to get the problems fixed, was told "no – we don't want to scare people – just let's leave it insecure and save $$$". He resigned over it. The rest of the board thought they were laughing all the way to the bank, with clearly NO regard for the problems this caused millions of customers, all so they could maximise their earnings and pay themselves huge bonuses. Well, it would appear that this may well have backfired. Directors of this level of wealth will usually find a way to avoid paying any kind of fine or official sanction, but a massive hit in the pocket should send a clear message to any company thinking it can ignore security and treat its customers with contempt. If I was Verizon I'd offer them £1 for it just to make the point. I mean does anyone still think Yahoo is worth a dime?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES