The Latest Yahoo Data Breach, A Hack Too Far For A Dying Company

Many years ago, in the acoustic days of the 56k dial-up modem, I used a web-based service called RocketMail, one of the earliest online email providers. Unlike your AOLs or Hotmails, having an account with the now subsumed Four11 Corporation gave one a certain cachet among the proto-geek crowd. This was especially true in Ireland where (some) people went to great effort to have wildly imaginative – or inappropriate – usernames for their @rocketmail.com addresses. At one stage I think I had at least six accounts with the company, though only two – and eventually one – survived its takeover by the burgeoning tech giant Yahoo! in the late 1990s, the service becoming the basis for the latter’s own system. The subsequent Yahoo! Mail became one of the most popular email providers on the web until the corporation became transfixed by its own standing, self-satisfied inertia taking hold of all its web offerings. Most of us who still maintain an account with Yahoo! do so out of habit, laziness or forgetfulness. There is certainly nothing about its tired brand that could entice one away from any of its rivals. Unfortunately, my old username was tied to my Flickr profile, which I was sentimentally reluctant to deactivate. However, tech-born nostalgia can only take one so far.

Twice in the last year I’ve been notified by Yahoo! that their slovenly and slapdash approach to internet security has resulted in my almost dormant email account with them being compromised in some manner. Below are a few snippets from the latest warning:

NOTICE OF DATA BREACH

Dear Yahoo user,

We are writing to inform you about a data security issue that may involve your Yahoo account information. We have taken steps to secure your account and are working closely with law enforcement.

What happened?

In November 2016, law enforcement provided Yahoo with data files which a third party claimed was Yahoo user data. We analysed this data with the assistance of external forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe that an unauthorised third party stole data associated with a broader set of user accounts in August 2013, including yours. We have not been able to identify the intrusion associated with this theft. We believe that this incident is likely distinct from the one that we disclosed on 22 September 2016.

What information was involved?

The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. Not all of these data elements may have been present for your account. The investigation indicates that the stolen information did not include passwords in clear text form, payment card data or bank account information. Payment card data and bank account information are not stored on the system that we believe was affected.

Protecting your information is important to us and we are constantly working to strengthen our defences.

Yours sincerely,

Bob Lord
Chief Information Security Officer
Yahoo

Protecting my information – or that of any other client – is the least important thing to Yahoo!, as aptly illustrated by their deceitful handling of repeated data breaches in the recent past or their eagerness to hand over user details to anyone who demands it, warrant in hand or otherwise. My advice is to do as I have done and close any and all accounts or services you have with Yahoo! and its offshoots. And do it now.

 
