While the internet continues to be more and more intertwined into the daily lives of people, hackers continue to evolve alongside it; expanding their skillset and tools that assist them in carrying out heavy tasks. Such tasks could range from finding credit card information of a little more than a thousand people to digging up the full names, birth dates, and phone numbers - among other information - of 500 million people. Regardless of whatever the job may be, personal information has become easier to access than ever before with the internet. Some companies such as Yahoo, however, are slower to include reliable security; putting the personal information of several users at greater risk than they may usually be. Yahoo announced September 22 that personal information such as names, birthdays, emails, and telephone numbers from 500 million users was stolen two years ago.
The company also revealed that they had only discovered that the incident even happened this year. Not only is this the been the biggest data breach in the history of the company, but it is also the biggest public data breach ever recorded. This information - according to Yahoo - was stolen by a “state-sponsored actor.” Although, it is currently unknown which state is connected to the cybercriminal.
The fact that Yahoo was slow to discover the hack, the trust of their consumers wavers. “It took them two years to discover a huge hack,” said Isabella Coscia.
As a response to the hack, Yahoo issued an email to Yahoo Mail users; informing them that security questions in use may be invalidated and urged them to change their passwords. However, considering that these users have their photo albums along with bank account and medical information intertwined with their Yahoo Mail account, changing their passwords will be one of many steps that users have to take in order to reassure that their account is secure.
This situation has a lasting impact on not only daily consumers of content, but for big companies as well. One such company is Verizon Communications; whom is in the middle of acquiring Yahoo for $4.8 billion. While it is not known as to whether this event will greatly impact the deal, Verizon released an official statement to USA TODAY stating, “We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact.”
Also, it is unknown as to whether or not Verizon ordered a security test as a part of their due diligence - investigative steps taken by a person or company before a business transaction - with Yahoo. It would be likely that such a test were to have not been conducted, as a security checkup for due diligence is not legally required. Whether or not Verizon follows through with their purchase, a change is definitely coming to Yahoo’s security.
“I think Verizon should go through with their purchase of Yahoo. However, they should look into Yahoo’s security and find a way to help increase it,” said Newtown High School science teacher Tim Tallcouch.
Regardless, the lack of certainty concerning cybersecurity has certainly triggered the alarms of the federal government. On September 27, six senators declared in a collaborative letter addressed to Yahoo CEO Marissa Mayer their intense disappointment at the company failing to not only have reliable security, but for not realizing the breach until two years later.
This has been far from the first breach that Yahoo has experienced. Yahoo - along with Google, Adobe, Symantec, and thirty other companies - was attacked by Chinese military hackers in 2010. Unlike other companies such as Google, Yahoo did not make security a priority. Yahoo’s security team often locked horns with business branches over the cost of protection.
Image Courtesy of mobilemarketingwatch.com