Yahoo! Finally Answers Security Breach Questions

I think we can all agree that it’s been a rough few months for Yahoo!. The company first started making major headlines back in July when it was announced that Verizon would be acquiring the company. From there, everything seems to have gone downhill. In September, Yahoo! announced that 500 million of its users had been hacked, presumably by a state-sponsored hacker. As a result, Verizon dropped its buying price and Yahoo! even decided to change its name.

For a while, all had been quiet in regard to the Yahoo! predicament. Yahoo! has been working to win back users by promoting new features on its mail app, and things were maybe even looking up for the company. Unfortunately, I, along with several others, received another email a few weeks ago saying that Yahoo! had uncovered yet another hacking incident from 2015 or 2016, which was enabled through forged cookies.

Put simply, data from over 1 billion accounts was stolen in 2013, data from 500 million accounts was stolen in 2014 and forged cookies were used in 2015 and 2016 to access accounts. I may not be a mathematician, but it’s pretty evident that those numbers don’t bode well for Yahoo! or its users. And, if you’re anything like me, you’re most likely thinking “enough is enough.” It seems like Yahoo! keeps getting hit time and time again with security issues. Although the company’s executives have been meeting almost daily in working sessions to improve its cybersecurity since announcing the major security breaches, the damage has already been done. At least, that’s the opinion of the Senate committee that questioned Yahoo! on its reaction to the breaches.

After Yahoo! canceled a scheduled briefing with staff from the Senate Committee on Commerce, Science and Transportation earlier this month, Senators John Thune and Jerry Moran sent the company a letter demanding answers. According to a recent post by Kate Conger, the committee demanded to know “the nature of the incident, those affected, and steps the company had taken to identify and mitigate consumer harm, beyond what was already known publicly.”

I think these are questions we’d all like answered, and Yahoo! has finally responded.

Professionals are on the case. It turns out that Yahoo! is working with federal, state and foreign government officials on the breaches. In fact, Yahoo! actually learned about the 2013 hack from a law enforcement agency, so it’s good to know that there are several experts on the case. In addition, Yahoo! has hired a risk management executive to focus on security. “Yahoo! has formalized the role of and hired a functional leader for risk management whose chief mandate is to mature Yahoo!’s formal information risk management security program,” said a representative from Yahoo!

Preventative measures. The company is expanding its team that tracks Advanced Persistent Threat campaigns, which should help prevent any more state-sponsored attacks. It also follows the NIST Cybersecurity Framework, which, according to Conger, “recommends best security practices for businesses, takes a ‘kill chain’ approach to attack detection, funds a red team to attack its own products and has a bug bounty program to support vulnerability research.”

Okay, so maybe not all of our questions have been answered, but the company addressed some of the biggest ones. Unfortunately, Yahoo! still isn’t being very forthcoming about the number of users that were affected. It told the committee that most of the accounts involved in the 2014 breach were also involved in the 2013 breach. The breach timeline seems to be all over the place, especially because Yahoo! didn’t know about the 2013 breach until 2016, and those involved in the 2015/2016 forged cookies attacks didn’t receive a notification email until February 2017. That’s all a bit unsettling, but apparently Yahoo! has created an independent committee of its board of directors to investigate the timeline further.

Although there are still many questions left unanswered, at least we know the company is taking steps to figure out what happened and prevent any similar attacks from happening again. I, like many others, remain skeptical about Yahoo!, but hopefully the extra measures it’s taking will finally put a stop to its cybersecurity issues.




Edited by Maurice Nagle