Columbia Southern University
How Yahoo lost its users’ trust.
In 1994, Jerry Yang and David Filo, two electrical engineering graduate students, created a website called “Jerry and David’s Guide to the World Wide Web”. On January 18, 1995, the website was officially registered as Yahoo.com. Initially, Yahoo was a hand-built hierarchical directory of websites organized by category, but it quickly grew. In the late ’90s, Yahoo had expanded far beyond its roots: it launched an email service, chat, groups, games, and a website platform (Greenberg, J. 2015). Throughout the years, Yahoo battled top-name competitors in the internet world such as Google, Facebook, and AOL. Like many companies, Yahoo has made its fair share of mistakes in the past, like passing up its chance to purchase PageRank, which later became Google, for $1 million in 1998 (Derrick, J. 2016). At the time, Yahoo was getting into the search engine field and, unlike PageRank, wanted users to see results strictly from Yahoo, not suggestions from other websites. Despite Yahoo’s ability to bounce back from years of bad choices, in 2014 Yahoo took a big hit.
Yahoo confirmed that information from at least 500 million Yahoo accounts was stolen from the company in 2014 (Snider, M. 2016). A recent article states, “The stolen user account information includes names, email addresses, telephone numbers, dates of birth, passwords and account security questions. Yahoo stated that the passwords were hashed with the bcrypt algorithm. Bcrypt is a secure hashing algorithm, which aims to scramble passwords to make it more difficult for an attacker to be able to decipher,” (Kerner, S. M. 2016). It went on to say that the Yahoo breach now stands alone as one of the largest ever confirmed, with over 500 million affected (Kerner, S. M. 2016). It is still uncertain who conducted the attack against Yahoo, but it is believed to have been a foreign country using its military intelligence. Although Yahoo has many different applications, such as Yahoo Finance, fantasy sports, and Yahoo Search, it is mainly known as an email service provider. Because Yahoo is the third-largest email provider (Rosenfeld, L. 2014), a breach in its security is going to affect a lot of users, as well as businesses.
Due to Yahoo’s use of the bcrypt hashing algorithm, most of the secured information that was obtained was encrypted. “The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected,” (Kerner, S. M. 2016). Even though the breach did not impact a lot of protected data, Yahoo took steps to warn its users and help them feel protected.
Yahoo quickly announced the security breach and notified its users to change their passwords immediately, along with all their security questions. Yahoo went on to say that if a user received an email asking them to download an attachment or send sensitive information, it was in fact a scam and not from Yahoo itself. An Eweek article stated, “Yahoo said that any user who hasn’t changed his or her password since 2014 should do so promptly,” (Reisinger, D. 2016). Along with changing the password, users can also activate a dual login feature. This feature allows the user to set up two separate types of authentication before logging in, such as a password along with a PIN. An Eweek article by Don Reisinger goes into detail about 10 different steps that a user can take to protect themselves after a cyber-attack (Reisinger, D. 2016), one of them being to check the Yahoo webpage for a FAQ section.
In the weeks since Yahoo announced the digital attack, which initially occurred in 2014 and exposed information about 500 million accounts, scammers posing as company officials have attempted to trick users into paying hundreds of dollars for phony security upgrades, according to a 2016 article (Jack Detsch Staff 2016). So even after Yahoo has done everything it can to try to comfort the users who were affected, the breach is still an issue. “Yahoo failed to properly secure their private information and have lost trust in the company,” (Jack Detsch Staff 2016). Yahoo’s wait to release the details about the hack is also making users wonder why the company hid it for so long. If you do an internet search of the hack, you’ll find that it is still unclear who is solely responsible and what exactly was obtained; in fact, there are very few details about the security breach.
In conclusion, it is simple to see that, no matter how big a company is and how many security measures it takes, everyone is vulnerable. To completely protect sensitive information, give it out only when it’s needed and the recipient is trusted. A long-lost rich cousin in Brazil who just got locked up and needs your help to get bailed out is not one of those times.
Greenberg, J. (November 2015). Retrieved from https://www.wired.com/2015/11/once-upon-a-time-yahoo-was-the-most-important-internet-company/.
Snider, M. (September 2016). Retrieved from http://www.usatoday.com/story/tech/2016/09/22/report-yahoo-may-confirm-massive-data-breach/90824934/
Derrick, J. (July 2016). Retrieved from http://finance.yahoo.com/news/remember-yahoo-turned-down-1-132805083.html
Kerner, S. M. (2016). Yahoo Confirms Data Breach Affecting Over 500M Accounts. Eweek, 1.
Reisinger, D. (2016). 10 Things Yahoo Users Must Do to Protect IDs After Huge Data Breach. Eweek, 1.
Rosenfeld, L. (September 2014). Retrieved from http://www.techtimes.com/articles/15802/20140917/ost-popular-email-service-in-the-world.htm
Jack Detsch Staff, w. (2016, October 5). Yahoo hack raises fresh fraud concerns. Christian Science Monitor. p. N.PAG.