Click amount to donate direct to CounterPunch
  • $25
  • $50
  • $100
  • $500
  • $other
  • use PayPal
DOUBLE YOUR DONATION!
We don’t run corporate ads. We don’t shake our readers down for money every month or every quarter like some other sites out there. We provide our site for free to all, but the bandwidth we pay to do so doesn’t come cheap. A generous donor is matching all donations of $100 or more! So please donate now to double your punch!
FacebookTwitterGoogle+RedditEmail

The Hack of All Hacks: Breaching Yahoo

It took place in August 2013. It was a hack of unprecedented scale, impetuous, audacious, and, if we are to believe Yahoo, undetected at the time.  The result of that effort across 1 billion accounts was a profitable use of material to spammers and cyber criminals operating on the dark web, with some estimates on proceeds coming to $300,000.

The breached data comprised email addresses, names, phone numbers, birthdays, hashed passwords, and an assortment of encrypted and unencrypted security questions, with their answers.  If the company’s public front is to believed, the hack avoided unencrypted passwords, credit card numbers or information related to bank accounts.

To this could be added the hack of 2014, disclosed in September, that targeted the details of half a million accounts.  The words from the publicity arm of the company were hardly encouraging.  The one billion-account hack was “distinct from the incident we disclosed on September 22, 2016.”[1]

What was the CEO Marissa Mayer thinking on becoming CEO?  Security could hardly have been a priority.  This is in stark contrast to the bruising the company got six years ago when it, along with Google and other technology companies, received the unwanted attention of Chinese military hackers.

Responses varied.  Sergey Brin of Google hired a swathe of security engineers with enticing bonuses. Yahoo preferred dragging its collective, corporate feet, facing internal battles between the “Paranoids,” as Yahoo’s security term is known as, and the rest of the business, on security costs.[2]

According to Jeremiah Grossman, a former information security officer for Yahoo, “there’s confusion, there’s frustration, and there’s not a lot of support for the security team” (Wired, Dec 14). To this company atmospherics could also be added the general desire on the part of the wonks to keep mum on the issue of whether it had received the attention of hackers.

Nor is Mayer anywhere in sight.  In the unconvincing words of a Yahoo spokeswoman, “Marissa and our executive team have been deeply engaged in our ongoing investigation.”[3]  According to the Financial Times, she should have been engaged right back in July, when she already had knowledge about the 2013 hack.  This raised “questions about whether [she] withheld information from investors, regulators and its acquirer Verizon until this week.”  Very naughty indeed.

This kaleidoscope of chaos has come to light as Mayer has been working on making Yahoo appealing to Verizon to the tune of $4.8 billion, which was pretty much all that was looking up for the company.

That appeal, even for this sick man of the technology field, has worn off considerably with two massive hacks in succession, suggesting that the company has not taken heed of the vast information insurgency being pursued across the Internet. In the ruthless technology jungle, Yahoo has lagged and limped. Verizon, while still on board, wants amendments to the deal.

Having taken their eyes off matters of security, it is fitting to consider the extent Yahoo is liable for having a system that offered such ready pickings.  Numerous states have onerous obligations on data companies to protect the integrity of what is gathered under their watch. A standard of care, the breach of which incurs penalties, is assumed.

Britain’s deputy information commissioner, Simon Entwisle, is eyeing the company, as are his colleagues at several other watchdogs.  The Information Commissioner’s Office has some form, having fined TalkTalk to the tune of £400,000 for a cyber attack that took place in October last year.  The theft of personal data there involved 157,000 customers. Among them were 16,000 instances where bank account details were also pilfered.

Despite TalkTalk’s cooperative demeanour (the company claimed “to be open and honest with our customers from the outset”), the fine remained.  “Yes, hacking is wrong,” observed Information Commissioner, Elizabeth Denham, “but that is not an excuse for companies to abdicate their security obligations.”  It was incumbent on the company to do “more to safeguard its customer information.  It did not and we have taken action.”[4]

The Yahoo account holder may also rush to keyboard or pad to whisk away the account into oblivion, bidding a bitter adieu to the flawed technology giant. But as has been noted, even after a Yahoo email account is deleted, “the actual details of the account won’t be cleared from Yahoo’s database for 90 days and even then, Yahoo may retain some information.”[5]

Reeling and recoiling, the Yahoo top brass have had little in the way of answers.  The market is doing the talking for them on one level, while customers will, in all likelihood, do the other.  But the damage is done, and any deletion of the Yahoo account is about to have a weak futility to it.  In the age of the deep hack, not even deletion will assist you.

Notes. 

[1] https://www.wired.com/2016/12/yahoo-hack-billion-users/

[2] http://www.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html?_r=0

[3] http://www.nbcnews.com/tech/tech-news/yahoo-just-had-two-biggest-hacks-ever-so-why-haven-n696496

[4] http://www.bbc.com/news/business-37565367

[5] http://theconversation.com/second-revealed-yahoo-hack-means-it-really-is-time-to-delete-your-yahoo-account-70556

More articles by:

Binoy Kampmark was a Commonwealth Scholar at Selwyn College, Cambridge. He lectures at RMIT University, Melbourne. Email: bkampmark@gmail.com

October 23, 2018
Patrick Cockburn
The Middle East, Not Russia, Will Prove Trump’s Downfall
Ipek S. Burnett
The Assault on The New Colossus: Trump’s Threat to Close the U.S.-Mexican Border
Mary Troy Johnston
The War on Terror is the Reign of Terror
Maximilian Werner
The Rhetoric and Reality of Death by Grizzly
David Macaray
Teamsters, Hells Angels, and Self-Determination
Jeffrey Sommers
“No People, Big Problem”: Democracy and Its Discontents In Latvia
Dean Baker
Looking for the Next Crisis: the Not Very Scary World of CLOs
Binoy Kampmark
Leaking for Change: ASIO, Jakarta, and Australia’s Jerusalem Problem
Chris Wright
The Necessity of “Lesser-Evil” Voting
Muhammad Othman
Daunting Challenge for Activists: The Cook Customer “Connection”
Don Fitz
A Debate for Auditor: What the Papers Wouldn’t Say
October 22, 2018
Henry Giroux
Neoliberalism in the Age of Pedagogical Terrorism
Melvin Goodman
Washington’s Latest Cold War Maneuver: Pulling Out of the INF
David Mattson
Basket of Deplorables Revisited: Grizzly Bears at the Mercy of Wyoming
Michelle Renee Matisons
Hurricane War Zone Further Immiserates Florida Panhandle, Panama City
Tom Gill
A Storm is Brewing in Europe: Italy and Its Public Finances Are at the Center of It
Suyapa Portillo Villeda
An Illegitimate, US-Backed Regime is Fueling the Honduran Refugee Crisis
Christopher Brauchli
The Liars’ Bench
Gary Leupp
Will Trump Split the World by Endorsing a Bold-Faced Lie?
Michael Howard
The New York Times’ Animal Cruelty Fetish
Alice Slater
Time Out for Nukes!
Geoff Dutton
Yes, Virginia, There are Conspiracies—I Think
Daniel Warner
Davos in the Desert: To Attend or Not, That is Not the Question
Priti Gulati Cox – Stan Cox
Mothers of Exiles: For Many, the Child-Separation Ordeal May Never End
Manuel E. Yepe
Pence v. China: Cold War 2.0 May Have Just Begun
Raouf Halaby
Of Pith Helmets and Sartorial Colonialism
Dan Carey
Aspirational Goals  
Wim Laven
Intentional or Incompetence—Voter Suppression Where We Live
Weekend Edition
October 19, 2018
Friday - Sunday
Jason Hirthler
The Pieties of the Liberal Class
Jeffrey St. Clair
A Day in My Life at CounterPunch
Paul Street
“Male Energy,” Authoritarian Whiteness and Creeping Fascism in the Age of Trump
Nick Pemberton
Reflections on Chomsky’s Voting Strategy: Why The Democratic Party Can’t Be Saved
John Davis
The Last History of the United States
Yigal Bronner
The Road to Khan al-Akhmar
Robert Hunziker
The Negan Syndrome
Andrew Levine
Democrats Ahead: Progressives Beware
Rannie Amiri
There is No “Proxy War” in Yemen
David Rosen
America’s Lost Souls: the 21st Century Lumpen-Proletariat?
Joseph Natoli
The Age of Misrepresentations
Ron Jacobs
History Is Not Kind
John Laforge
White House Radiation: Weakened Regulations Would Save Industry Billions
Ramzy Baroud
The UN ‘Sheriff’: Nikki Haley Elevated Israel, Damaged US Standing
Robert Fantina
Trump, Human Rights and the Middle East
Anthony Pahnke – Jim Goodman
NAFTA 2.0 Will Help Corporations More Than Farmers
Jill Richardson
Identity Crisis: Elizabeth Warren’s Claims Cherokee Heritage
FacebookTwitterGoogle+RedditEmail