New | Yahoo faces growing scrutiny over when it learned of data breach by hackers

Yahoo on Friday faced pointed questions about exactly when it knew about a cyber attack that exposed the email credentials of 500 million users, a critical issue for the company as it seeks to prevent the breach from affecting a pending takeover by Verizon.

The internet company has so far not provided a clear, detailed timeline about when it was made aware of the breach announced Thursday. Yahoo blamed the incident on a “state-sponsored actor” but has not provided any technical information supporting that claim.

“We don’t know a lot. We don’t know how the bad guys broke in. We don’t know when Yahoo first found out,” said Jeremiah Grossman, chief of security strategy for SentinelOne and a former information security officer at Yahoo.

In a September 9 regulatory filing with the Securities and Exchange Commission, Yahoo stated it did not have knowledge of “any incidents of, or third party claims alleging ... unauthorised access” of personal data of its customers that could have a material adverse effect on Verizon’s acquisition.

Verizon agreed in July to pay US$4.83 billion for Yahoo’s core business. If the hacking prompts customers to leave Yahoo, the company may see its value erode.

Some lawmakers swiftly called for close scrutiny of what the company knew and when.