Yahoo used to be a funky place to hang out, especially for some of us early Internauts who were used to browsing its neatly classified directory of everything on the early World Wide Web.
Today, a Google search for Yahoo-related data breach articles takes less than half a second to come up with 11 million hits. Over 500,000 if you know how to focus your search with the right operators.
Astonishingly, though unsurprisingly, all hits are damning, attesting to Yahoo’s terrible security, its inadequate breach response and its apparent lack of ethics.
Why Yahoo’s lack of security will cost them
The ‘state-sponsored actor’ bit is getting old. I addressed it in a recent CTV interview and said it’s becoming rather trendy to use it as a way to eschew accountability while trying to play the role of the Victim in a Karpman Drama Triangle.
Unfortunately, pitting one’s own government against faceless attackers is a story the public is rapidly getting tired of, especially as the privacy of hundreds of millions was compromised after entrusting Yahoo with the personal details it insisted on collecting.
While the revelation that Yahoo conducted privacy-invasive surveillance on its own users is only the latest indication of a long overdue correction in its embattled brand image, the fact that most outlets reported the breach as having taken place in ‘late 2014’ is something to be taken with a grain of salt. A big one. Like the above statement, by the CEO of AOL, itself a part of Verizon, Yahoo’s current suitor: “Yahoo did the best job they could”. In fact, AOL and Verizon are no strangers to massive data breaches themselves, with millions of compromised user accounts between them.
The date of the reported breach is likely arbitrary. The first indication that this is not founded in reality is the existence of other large email compromises, such as the 2012 breach of 450,000 Yahoo! customer email addresses and passwords reported by The Register and others.
If such a large data breach could take place as early as 2012, couldn’t one that is 10 or even 100 times larger have taken place around the same time, since we don’t really know who did it anyway? Could there have been multiple breaches? What about multiple unrelated attackers?
Why Verizon should NOT get a discount
While Yahoo’s own News site reported its latest transgressions, it was the world’s media that skewered the company with tens of thousands of the most incriminating headlines alleging misconduct, incompetence and the overall sketchiness of the Verizon deal in light of the latest revelations.
Though Yahoo’s privacy record has been abysmal over the years, the latest news comes at a vulnerable time for the company, as it is in the midst of finalizing its sale to Verizon, which is now asking Yahoo for a hefty US$1 billion discount to close what was supposed to be a US$4.8 billion deal. Ouch.
But Verizon has already priced in all past breaches, the indication of this breach came early this year, and that’s not why they’re buying Yahoo in the first place.
In my opinion, the request for a discount is just a bluff. What are your thoughts?