Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity

    IT Professionals Hold Little Back in Reaction to Yahoo Breach

    By
    Chris Preimesberger
    -
    December 16, 2016
    Share
    Facebook
    Twitter
    Linkedin

      For a company that really could use some good news for a change, Yahoo has had another pretty rough week.

      The pioneering search and web services provider, whose home page starts more browser sessions than anybody in the world, revealed Dec. 14 that new security issues had impacted the personal data of more than 1 billion of its users. This is thought to be the largest and most widespread theft of personal information in the brief history of the internet.

      The breach is different and twice as large as the hack Yahoo admitted to suffering last September, one the company said happened in 2014—and was at the time the largest breach in the world. So much for world records.

      The newly disclosed security intrusion from Dec. 14 apparently took place in 2013 and involved a substantial amount of personal information, including passwords and the answers to security questions. Yahoo is trying to harden all its systems and requiring all its users to change passwords, and it is automatically invalidating the security questions.

      Former User: ‘Went Over to My Gmail Account’

      In a typical reaction, a Yahoo user interviewed on the street Dec. 14 on Bay Area television news simply said: “How does the Yahoo breach affect me? Simple. I just went to my Yahoo account, closed it and went over to my Gmail account.”

      That in one statement shows the main problem web services like Yahoo’s face on a 24/7 basis: Credibility in safeguarding personal information. To be fair, this could happen to anybody, and it does on a regular basis; the public just doesn’t become aware of all the breaches.

      Yahoo had agreed earlier this year to sell its core businesses to Verizon Communications for $4.8 billion. Verizon said that it might seek to renegotiate the terms of the transaction after the first hacking was discovered. It’s not known how the Dec. 14 hack attack will affect the purchase, which is still in process. No matter what, this news isn’t going to help Yahoo’s side of the negotiation.

      As one might expect, eWEEK was inundated with reactions from IT folks far and wide after the news broke two days ago. The self-serving, “I told you so” statements were easily remedied by the delete button.

      Others are legitimate observations based on industry experience and perspective—information from which Yahoo and others can learn. We include some of the more cogent ones here.

      Jason Rose, Senior Vice President of Customer Identity Management Provider, Gigya:

      “The biggest casualty is consumer’s loss of trust in Yahoo, which will, ultimately, erode the company’s value for pending acquirer Verizon. Trust is earned in drips and lost in buckets. In the online world, customers need to share their identity: email addresses, personal preferences, credit card numbers, etc., in order to connect with the businesses that provide them goods and services. If customers can’t rely on a business to protect that data, then trust is lost. In other words, identity is the currency of trust.”

      James Maude, Senior Software Engineer, Avecto:
      “One in six people globally have now had their data breached thanks to Yahoo. With a breach on such an unprecedented scale, users should be concerned about how a behemoth of the internet failed to notice this for such a long period of time. This is especially concerning as recent reports have shown that around this time Yahoo was busy undermining its own security by installing backdoors in their own infrastructure for government agencies. There is the worrying possibility that this undisclosed backdoor served as cover for the data breaches, as employees deliberately ignored or hid these back channels.
      “Initial reports suggest that the attackers manipulated cookies, which are normally used to authenticate or track users; however, in this case the attackers changed them to bypass logins without requiring a password. Using this technique, attackers could have logged into accounts at will and monitored them for great lengths of time. With such negligence questions must be asked as to what was going on at Yahoo to allow this to happen.”

      Craig A. Newman, head of Privacy & Data Security Practice, Patterson Belknap LLP:
      “Not only is this a big deal in the context of the proposed sale to Verizon, but it raises obvious questions about Yahoo’s overall data security protocols, particularly if 1 billion accounts were hacked more than 3 years ago and we’re just finding out about it now. Surely, it ups the stakes in the proposed deal and gives Verizon a lot more leverage either to renegotiate the purchase price or walk from the deal. While it also underscores the importance of cybersecurity due diligence in an M&A transaction and its direct link to valuation, it begs the broader question of reputational risk and what this is really going to cost in terms of litigation and regulatory investigations.”

      Chris Preimesberger
      https://www.eweek.com/author/cpreimesberger/
      Chris J. Preimesberger is Editor Emeritus of eWEEK. In his 16 years and more than 5,000 articles at eWEEK, he distinguished himself in reporting and analysis of the business use of new-gen IT in a variety of sectors, including cloud computing, data center systems, storage, edge systems, security and others. In February 2017 and September 2018, Chris was named among the 250 most influential business journalists in the world (https://richtopia.com/inspirational-people/top-250-business-journalists/) by Richtopia, a UK research firm that used analytics to compile the ranking. He has won several national and regional awards for his work, including a 2011 Folio Award for a profile (https://www.eweek.com/cloud/marc-benioff-trend-seer-and-business-socialist/) of Salesforce founder/CEO Marc Benioff--the only time he has entered the competition. Previously, Chris was a founding editor of both IT Manager's Journal and DevX.com and was managing editor of Software Development magazine. He has been a stringer for the Associated Press since 1983 and resides in Silicon Valley.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×