Yahoo has announced that it is investigating a new claim made by US law enforcement authorities over a new potential breach of its user account data.
The authorities are said to have received the information from a hacker who claimed that it was related to Yahoo.
The company said in a regulatory filing that it is taking the help of forensic experts to analyse and investigate the hacker’s claim that the data is Yahoo user account data.
Yahoo has also updated investors on a massive cyber attack that was revealed in July.
In September, the company disclosed that certain user account information for at least 500 million user accounts was stolen from its network in late 2014.
Also on CBR: Post-breach forensics: How did Yahoo get hacked?
The cyber attack issue came at a time when the company was preparing to sell its core web services to Verizon Communications for approximately $4.83bn in cash.
In the filing, the company said that the user account information was stolen by a state-sponsored actor.
Yahoo said: “The company had identified that a state-sponsored actor had access to the company’s network in late 2014.”
The user account information that was hacked included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
The forensic experts are currently examining certain evidence and activity that indicates an intruder created cookies that could have allowed him to bypass the need for a password to access certain users’ accounts or account information.
However, the firm said that the investigation conducted on the cyber attack indicated that the stolen information did not include unprotected passwords, payment card data, or bank account information.
Yahoo said in the filing: “Payment card data and bank account information are not stored in the system that the investigation found to be affected.
“Based on the investigation to date, we do not have evidence that the state-sponsored actor is currently in or accessing the company’s network.”
The company incurred expenses $1 million related to cyber attack in the quarter ended 30 September 2016.
Regarding the Verizon deal, Yahoo said that it is expected to close in the first quarter of 2017.