Yahoo said in its latest SEC filing that executives and legal reps failed to act sufficiently on the information they had about breaches that exposed more than 1 billion account records.

Threatpost writers recap 2016’s biggest news stories, including the proliferation of IoT botnets, ransomware, the FBI vs. Apple story, and more.

Mike Mimoso and Chris Brook discuss the news of the week including Yahoo’s latest breach announcement, a DDoS-for-hire crackdown, hackers seeking help with Mirai, and some new Adobe patches.

Yahoo disclosed today that attackers in 2013 stole data associated with more than 1 billion accounts. CISO Bob Lord said this incident is “distinct” from a 2014 attack in which 500 million accounts were breached.

Google Tuesday disclosed the contents of eight National Security Letters it received between 2010 and 2015, becoming the latest company under reforms afforded by the USA Freedom Act to do so.

Yahoo’s latest SEC filing includes confirmation that it knew attackers were on its network in 2014 and stole information on 500 million accounts.

Yahoo wrote DNI James Clapper asking the government to confirm and declassify an order to scan email for intelligence surveillance purposes.

U.S. representatives are asking Yahoo for clarity around a surveillance program mentioned in reports earlier this month.

Yahoo calls a bombshell email surveillance story “misleading” as legal, civil liberties and security experts demand answers.

The latest on the Yahoo breach, Germany’s problem with WhatsApp-Facebook, Facebook’s osquery tool for Windows, and Zerodium’s $1.5M iOS bounty are all discussed.