The Hack of All Hacks: Breaching Yahoo

It took place in August 2013. It was a hack of unprecedented scale, impetuous, audacious, and, if we are to believe Yahoo, undetected at the time.  The result of that effort across 1 billion accounts was material of profitable use to spammers and cyber criminals operating on the dark web, with some estimates of the proceeds coming to $300,000.

The breached data comprised email addresses, names, phone numbers, birthdays, hashed passwords, and an assortment of encrypted and unencrypted security questions, with their answers.  If the company’s public front is to be believed, the hack avoided unencrypted passwords, credit card numbers or information related to bank accounts.

To this could be added the hack of 2014, disclosed in September, that targeted the details of half a million accounts.  The words from the publicity arm of the company were hardly encouraging.  The one billion-account hack was “distinct from the incident we disclosed on September 22, 2016.”[1]

What was Marissa Mayer thinking on becoming CEO?  Security could hardly have been a priority.  This is in stark contrast to the bruising the company got six years ago when it, along with Google and other technology companies, received the unwanted attention of Chinese military hackers.

Responses varied.  Sergey Brin of Google hired a swathe of security engineers with enticing bonuses. Yahoo preferred dragging its collective, corporate feet, facing internal battles between the “Paranoids,” as Yahoo’s security team is known, and the rest of the business, on security costs.[2]

According to Jeremiah Grossman, a former information security officer for Yahoo, “there’s confusion, there’s frustration, and there’s not a lot of support for the security team” (Wired, Dec 14). To these company atmospherics could also be added the general desire on the part of the wonks to keep mum on the issue of whether the company had received the attention of hackers.

Nor is Mayer anywhere in sight.  In the unconvincing words of a Yahoo spokeswoman, “Marissa and our executive team have been deeply engaged in our ongoing investigation.”[3]  According to the Financial Times, she should have been engaged right back in July, when she already had knowledge about the 2013 hack.  This raised “questions about whether [she] withheld information from investors, regulators and its acquirer Verizon until this week.”  Very naughty indeed.

This kaleidoscope of chaos has come to light as Mayer has been working on making Yahoo appealing to Verizon to the tune of $4.8 billion, which was pretty much all that was looking up for the company.

That appeal, even for this sick man of the technology field, has worn off considerably with two massive hacks in succession, suggesting that the company has not taken heed of the vast information insurgency being pursued across the Internet. In the ruthless technology jungle, Yahoo has lagged and limped. Verizon, while still on board, wants amendments to the deal.

With the company having taken its eyes off matters of security, it is fitting to consider the extent to which Yahoo is liable for having a system that offered such ready pickings.  Numerous states have onerous obligations on data companies to protect the integrity of what is gathered under their watch. A standard of care, the breach of which incurs penalties, is assumed.

Britain’s deputy information commissioner, Simon Entwisle, is eyeing the company, as are his colleagues at several other watchdogs.  The Information Commissioner’s Office has some form, having fined TalkTalk to the tune of £400,000 for a cyber attack that took place in October last year.  The theft of personal data there involved 157,000 customers. Among them were 16,000 instances where bank account details were also pilfered.

Despite TalkTalk’s cooperative demeanour (the company claimed “to be open and honest with our customers from the outset”), the fine remained.  “Yes, hacking is wrong,” observed Information Commissioner, Elizabeth Denham, “but that is not an excuse for companies to abdicate their security obligations.”  It was incumbent on the company to do “more to safeguard its customer information.  It did not and we have taken action.”[4]

The Yahoo account holder may also rush to keyboard or pad to whisk away the account into oblivion, bidding a bitter adieu to the flawed technology giant. But as has been noted, even after a Yahoo email account is deleted, “the actual details of the account won’t be cleared from Yahoo’s database for 90 days and even then, Yahoo may retain some information.”[5]

Reeling and recoiling, the Yahoo top brass have had little in the way of answers.  The market is doing the talking for them on one level, while customers will, in all likelihood, do the other.  But the damage is done, and any deletion of the Yahoo account is about to have a weak futility to it.  In the age of the deep hack, not even deletion will assist you.


[1] https://www.wired.com/2016/12/yahoo-hack-billion-users/

[2] http://www.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html?_r=0

[3] http://www.nbcnews.com/tech/tech-news/yahoo-just-had-two-biggest-hacks-ever-so-why-haven-n696496

[4] http://www.bbc.com/news/business-37565367

[5] http://theconversation.com/second-revealed-yahoo-hack-means-it-really-is-time-to-delete-your-yahoo-account-70556

Binoy Kampmark was a Commonwealth Scholar at Selwyn College, Cambridge. He lectures at RMIT University, Melbourne. Email: bkampmark@gmail.com
