The state-caused splatter of more than 500 million Yahoo account credentials and associated personal information was caught by several of the company’s employees when it happened in 2014. The company only publicly disclosed in September that the breach happened after completing an investigation the previous month to confirm the scope of the attack.
Yahoo disclosed this to the Securities and Exchange Commission today in a quarterly report. It initially tied the discovery of the 2014 breach back to a 2012 breach that exposed 200 million Yahoo account names and passwords.
The initial disclosure of the later hack happened a month after Verizon agreed to purchase Yahoo for $4.8 billion. It’s worth noting that the telco, considering this as a “material event” where it would have been able to negotiate down the asking price for the search company, “may seek to terminate the Stock Purchase Agreement or renegotiate the terms of the Sale transaction on that basis,” Yahoo admits. Verizon declined comment while Yahoo declined further comment beyond the filing.
Yahoo is also being investigated for being directed by the FBI to scan emails for signatures from terrorist organizations.