TelecomTV TelecomTV
  • News
  • Videos
  • Channels
  • Events
  • Network Partners
  • Industry Insights
  • Directory
  • Newsletters
  • Digital Platforms and Services
  • Open RAN
  • Cloud Native Telco
  • Telcos and Public Cloud
  • The Green Network
  • Private Networks
  • Open Telco Infra
  • 5G Evolution
  • Access Evolution
  • Edgenomics
  • Network Automation
  • 6G Research and Innovation
  • Security
  • More Topics
  • Network Partners
  • Industry Insights
  • Directory
  • Newsletters
  • |
  • About
  • Contact
  • |
  • Connect with us
  • Digital Platforms and Services
  • Open RAN
  • Cloud Native Telco
  • Telcos and Public Cloud
  • The Green Network
  • Private Networks
  • Open Telco Infra
  • 5G Evolution
  • Access Evolution
  • Edgenomics
  • Network Automation
  • 6G Research & Innovation
  • Security
  • Connect with TelecomTV
  • About
  • Privacy
  • Help
  • Contact
  • Sign In Register Subscribe
    • Subscribe
    • Sign In
    • Register
  • Search

Yahoo

Yahoo

Bolt, horse, stable: Yahoo hacked again but Verizon even more hacked-off

Martyn Warwick
By Martyn Warwick

Dec 15, 2016

via flickr © darkday (CC BY 2.0)

via flickr © darkday (CC BY 2.0)

  • A billion accounts stolen. The biggest data breach in history!
  • Happened in August 2013.
  • Discovered by law enforcement agency  - not Yahoo itself
  • All the fault of "forged cookies" - apparently

Yahoo has just revealed that a hacking attack in August 2013 resulted in data pertaining to over ONE BILLION of its subscribers being stolen. It is the biggest security breach in history and comes on top of Yahoo's earlier admission, in September, that 500 million user accounts had been hacked. If Yahoo covered-up the attack until now it will be a monumental scandal and heads should roll. If it is a newly-discovered breach then it is prima facie evidence that Yahoo leaks like a sieve and heads should roll.

Whoever broke through Yahoo's obviously poor security systems (and the company is claiming  that it is a 'state-sponsored' attack" - by which we are meant to infer what? That it that it was Russia, North Korea, Iran or perhaps a rogue from Rhode Island?). The hackers stole Yahoo subscriber names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions. All data that could be used to reset a password.

In a statement Yahoo says it is making all affected users change their passwords while Yahoo itself is "invalidating unencrypted security questions". It took an attack double the size of the September breach to force Yahoo into action. After the first admitted attack it simply refused to compel users to change their passwords or security questions. Too much like hard work presumably.

This isn't a matter of locking the stable door after the horse has bolted. It is one of knowingly leaving it open for three years during which time the horse has had a couple of gap years, backpacked around the world and carried the likes of Julan Assange and Edward Snowden off to their various exiles and hidey-holes. Then it went to live a life of luxury with Kim Jong Un where it is now blowing fragrant equine raspberries at Yahoo HQ. It is an utter disgrace.

Yahoo claims it found out about the 'new' attack after "analyzing data files provided by law enforcement". In other words the company didn't even manage to discover the breach form itself, it had to be told about it by outside agencies. It is pathetic.

Under the dreadful CEO-ship of Marissa Mayer, Google's star hasn't so much fallen as plunged to earth in a self-induced kami-kaze death dive. Security systems had been allowed to rot on the vine  after Mayer and some of her executive team fought with the security department over the expense and 'inconvenience' of deploying upgraded security measures that would have brought the company up to par with the likes of Facebook and Google.

Once more Yahoo takes the biscuit

Yahoo’s chief information security officer, Bob Lord, has issued a statement to the effect that a "state-sponsored actor" has stolen Yahoo’s proprietary source code and adapted it to gain access to the accounts of individual Yahoo subscribers via "forged cookies"  - the few lines of code that remain in a user's browser cache so that a website doesn't need a login every time the user pays it a visit. The lesson here is bloody evident. Delete your cache every time you log off and do it as a matter of routine. It is much wiser to take the time to logon afresh on each visit than it is to leave access open to hacker.

US journalist Brian Krebs, former computer security columnist with the Washington Post and a man renowned for his deep knowledge of security systems and how to break them commented, "For years I have been urging friends and family to migrate off Yahoo email, mainly because I watched as the company appeared to fall far behind its peers in blocking spam and other email-based attacks. I stand by that recommendation".

In 2008, Microsoft was prepared to buy Yahoo for US$44 billion. In July Yahoo sold its core businesses to Verizon for $4.8 billion - about a tenth of what was on offer eight years ago. In October, Verizon said was considering a renegotiation downwards of that price on the grounds that Yahoo had not disclosed the details of the first data breach during due diligence. And who could blame Verizon for that? Who knows how many other nasty surprises are lying there waiting to be discovered?

What Verizon will do now is anyone's guess. It could simply walk away from the deal or demand that the originally agreed purchase price should be lowered very substantially. It s certainly isn't a done deal yet.

It is as plain as a pikestaff what is wrong with Yahoo. It is well-said that a fish rots from the head down. That is exactly what is happening at Yahoo. In addition to the woeful ineptitude of Ms. Mayer, Yahoo has a supine 10-member Board of Directors, one of whom is David Filo, who co-founded Yahoo in the first place. Seven other directors have other jobs -  as directors of other companies. Two financial officers (including the Chairman) are from companies external to Yahoo and there is no-one with high-level technology experience on the Board.

Dismiss the CEO, cull the Board, and take an axe to the senior executives. It's the only way. Perhaps Donald Trump could do an 'Apprentice Special' before he takes up Presidential office and fire Marissa Mayer on live TV. It would make great entertainment but would still be still too little too late.

Related Topics
  • Analysis & Opinion,
  • News,
  • Policy & Regulation,
  • Security,
  • Yahoo

More Like This

Business Models

When DSP strategies fail: why Verizon got pocket change for Tumblr

Aug 13, 2019

VR & AR

Verizon plans to harness 5G and ‘extended reality’ to its media business

May 2, 2019

Media & Entertainment

Struggling Oath shows telcos have a mountain to climb when it comes to advertising

Dec 12, 2018

Yahoo

Remains of Yahoo to be renamed "Altaba" - if sale of Internet business to Verizon goes through

Jan 10, 2017

Yahoo

Senior Verizon executive says company is "unsure" about acquisition of Yahoo

Jan 6, 2017

Email Newsletters

Stay up to date with the latest industry developments: sign up to receive TelecomTV's top news and videos plus exclusive subscriber-only content direct to your inbox – including our daily news briefing and weekly wrap.

Subscribe

Top Picks

Highlights of our content from across TelecomTV today

10:43

MWC23 interview: Mari-Noëlle Jégo-Laveissière, deputy CEO of Orange

12:45

MWC23 interview: Abdu Mudesir, Group CTO, Deutsche Telekom

9:26

MWC23 interview: Greg McCall, Chief Networks Officer, BT

TelecomTV
Company
  • About Us
  • Media Kit
  • Contact Us
Our Brands
  • DSP Leaders World Forum
  • Great Telco Debate
  • TelecomTV Events
Get In Touch
[email protected]
+44 (0) 207 448 1070
Connect With Us

  • Privacy
  • Cookies
  • Terms of Use
  • Legal Notices
  • Help

TelecomTV is produced by the team at Decisive Media.

© Decisive Media Limited 2023. All rights reserved. All brands and products are the trademarks of their respective holder(s).