FacebookTwitterRedditEmail

The Hack of All Hacks: Breaching Yahoo

It took place in August 2013. It was a hack of unprecedented scale, impetuous, audacious, and, if we are to believe Yahoo, undetected at the time.  The result of that effort across 1 billion accounts was a profitable use of material to spammers and cyber criminals operating on the dark web, with some estimates on proceeds coming to $300,000.

The breached data comprised email addresses, names, phone numbers, birthdays, hashed passwords, and an assortment of encrypted and unencrypted security questions, with their answers.  If the company’s public front is to believed, the hack avoided unencrypted passwords, credit card numbers or information related to bank accounts.

To this could be added the hack of 2014, disclosed in September, that targeted the details of half a million accounts.  The words from the publicity arm of the company were hardly encouraging.  The one billion-account hack was “distinct from the incident we disclosed on September 22, 2016.”[1]

What was the CEO Marissa Mayer thinking on becoming CEO?  Security could hardly have been a priority.  This is in stark contrast to the bruising the company got six years ago when it, along with Google and other technology companies, received the unwanted attention of Chinese military hackers.

Responses varied.  Sergey Brin of Google hired a swathe of security engineers with enticing bonuses. Yahoo preferred dragging its collective, corporate feet, facing internal battles between the “Paranoids,” as Yahoo’s security term is known as, and the rest of the business, on security costs.[2]

According to Jeremiah Grossman, a former information security officer for Yahoo, “there’s confusion, there’s frustration, and there’s not a lot of support for the security team” (Wired, Dec 14). To this company atmospherics could also be added the general desire on the part of the wonks to keep mum on the issue of whether it had received the attention of hackers.

Nor is Mayer anywhere in sight.  In the unconvincing words of a Yahoo spokeswoman, “Marissa and our executive team have been deeply engaged in our ongoing investigation.”[3]  According to the Financial Times, she should have been engaged right back in July, when she already had knowledge about the 2013 hack.  This raised “questions about whether [she] withheld information from investors, regulators and its acquirer Verizon until this week.”  Very naughty indeed.

This kaleidoscope of chaos has come to light as Mayer has been working on making Yahoo appealing to Verizon to the tune of $4.8 billion, which was pretty much all that was looking up for the company.

That appeal, even for this sick man of the technology field, has worn off considerably with two massive hacks in succession, suggesting that the company has not taken heed of the vast information insurgency being pursued across the Internet. In the ruthless technology jungle, Yahoo has lagged and limped. Verizon, while still on board, wants amendments to the deal.

Having taken their eyes off matters of security, it is fitting to consider the extent Yahoo is liable for having a system that offered such ready pickings.  Numerous states have onerous obligations on data companies to protect the integrity of what is gathered under their watch. A standard of care, the breach of which incurs penalties, is assumed.

Britain’s deputy information commissioner, Simon Entwisle, is eyeing the company, as are his colleagues at several other watchdogs.  The Information Commissioner’s Office has some form, having fined TalkTalk to the tune of £400,000 for a cyber attack that took place in October last year.  The theft of personal data there involved 157,000 customers. Among them were 16,000 instances where bank account details were also pilfered.

Despite TalkTalk’s cooperative demeanour (the company claimed “to be open and honest with our customers from the outset”), the fine remained.  “Yes, hacking is wrong,” observed Information Commissioner, Elizabeth Denham, “but that is not an excuse for companies to abdicate their security obligations.”  It was incumbent on the company to do “more to safeguard its customer information.  It did not and we have taken action.”[4]

The Yahoo account holder may also rush to keyboard or pad to whisk away the account into oblivion, bidding a bitter adieu to the flawed technology giant. But as has been noted, even after a Yahoo email account is deleted, “the actual details of the account won’t be cleared from Yahoo’s database for 90 days and even then, Yahoo may retain some information.”[5]

Reeling and recoiling, the Yahoo top brass have had little in the way of answers.  The market is doing the talking for them on one level, while customers will, in all likelihood, do the other.  But the damage is done, and any deletion of the Yahoo account is about to have a weak futility to it.  In the age of the deep hack, not even deletion will assist you.

Notes. 

[1] https://www.wired.com/2016/12/yahoo-hack-billion-users/

[2] http://www.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html?_r=0

[3] http://www.nbcnews.com/tech/tech-news/yahoo-just-had-two-biggest-hacks-ever-so-why-haven-n696496

[4] http://www.bbc.com/news/business-37565367

[5] http://theconversation.com/second-revealed-yahoo-hack-means-it-really-is-time-to-delete-your-yahoo-account-70556

More articles by:

Binoy Kampmark was a Commonwealth Scholar at Selwyn College, Cambridge. He lectures at RMIT University, Melbourne. Email: bkampmark@gmail.com

Weekend Edition
March 22, 2019
Friday - Sunday
Henry Giroux
The Ghost of Fascism in the Post-Truth Era
Gabriel Rockhill
Spectacular Violence as a Weapon of War Against the Yellow Vests
H. Bruce Franklin
Trump vs. McCain: an American Horror Story
Paul Street
A Pox on the Houses of Trump and McCain, Huxleyan Media, and the Myth of “The Vietnam War”
Andrew Levine
Why Not Impeach?
Bruce E. Levine
Right-Wing Psychiatry, Love-Me Liberals and the Anti-Authoritarian Left
Jeffrey St. Clair
Roaming Charges: Darn That (American) Dream
Charles Pierson
Rick Perry, the Saudis and a Dangerous Nuclear Deal
Moshe Adler
American Workers Should Want to Transfer Technology to China
David Rosen
Trafficking or Commercial Sex? What Recent Exposés Reveal
Nick Pemberton
The Real Parallels Between Donald Trump and George Orwell
Binoy Kampmark
Reading Manifestos: Restricting Brenton Tarrant’s The Great Replacement
Brian Cloughley
NATO’s Expensive Anniversaries
Ron Jacobs
Donald Cox: Tale of a Panther
Joseph Grosso
New York’s Hudson Yards: The Revanchist City Lives On
REZA FIYOUZAT
Is It Really So Shocking?
Bob Lord
There’s Plenty of Wealth to Go Around, But It Doesn’t
John W. Whitehead
The Growing Epidemic of Cops Shooting Family Dogs
Jeff Cohen
Let’s Not Restore or Mythologize Obama 
Christy Rodgers
Achieving Escape Velocity
Monika Zgustova
The Masculinity of the Future
Jessicah Pierre
The Real College Admissions Scandal
Peter Mayo
US Higher Education Influence Takes a Different Turn
Martha Rosenberg
New Study Confirms That Eggs are a Stroke in a Shell
Ted Rall
The Greatest Projects I Never Mad
George Wuerthner
Saving the Big Wild: Why Aren’t More Conservationists Supporting NREPA?
Norman Solomon
Reinventing Beto: How a GOP Accessory Became a Top Democratic Contender for President
Ralph Nader
Greedy Boeing’s Avoidable Design and Software Time Bombs
Tracey L. Rogers
White Supremacy is a Global Threat
Nyla Ali Khan
Intersectionalities of Gender and Politics in Indian-Administered Kashmir
Karen J. Greenberg
Citizenship in the Age of Trump: Death by a Thousand Cuts
Jill Richardson
Getting It Right on What Stuff Costs
Matthew Stevenson
Pacific Odyssey: Puddle Jumping in New Britain
Matt Johnson
The Rich Are No Smarter Than You
Julian Vigo
College Scams and the Ills of Capitalist-Driven Education
Brian Wakamo
It’s March Madness, Unionize the NCAA!
Beth Porter
Paper Receipts Could be the Next Plastic Straws
Christopher Brauchli
Eric the Heartbroken
Louis Proyect
Rebuilding a Revolutionary Left in the USA
Sarah Piepenburg
Small Businesses Like Mine Need Paid Family and Medical Leave
Robert Koehler
Putting Our Better Angels to Work
Peter A. Coclanis
The Gray Lady is Increasingly Tone-Deaf
David Yearsley
Bach-A-Doodle-Doo
Elliot Sperber
Aunt Anna’s Antenna
March 21, 2019
Daniel Warner
And Now Algeria
FacebookTwitterRedditEmail