
Recent Investigation Reveals that Yahoo Execs Flubbed Response to Massive 2014 Data Breach

When Yahoo suffered its widely publicized data breach in 2014, the world was stunned by the news that 500 million Yahoo user accounts were exposed in one of the largest data breaches in history. At the time of the data breach, Yahoo failed to inform users or authorities of what exactly took place, suppressing the devastating news until September of 2016.

Because Yahoo failed to reveal details and alert the public to a massive data breach, an investigation was launched after the discovery, and it has come to a head with the finding that Yahoo senior executives were withholding information. In fact, the recent investigation into the breach, which exposed the details of half a billion user accounts, reveals that Yahoo execs flubbed their response to the incident and had known about the breach since the late months of 2014.

Incompetence May Exist Within Giant Tech Companies

The pure incompetence of Yahoo senior executives in withholding the data breach details just after the breach took place in September of 2014 has not only undermined trust in Yahoo but remains a major disappointment to the affected Yahoo users.

An Independent Committee concluded that Yahoo's information security team had knowledge of the data breach and compromise of user accounts when it took place. Moreover, Yahoo knew about another incident that occurred in 2015 and 2016, a massive cookie forging case from the same attacker that conducted the first major data breach in 2014. In all cases, Yahoo failed to adequately inform users or authorities, furthering their incompetence and lack of respect for their users.

An official filing released in the recent investigation into Yahoo's failed attempts to notify the proper channels of their data breach states the following:

"In late 2014, senior executives and relevant legal staff were aware that a state-sponsored actor had accessed certain user accounts by exploiting the Company's account management tool. The Company took certain remedial actions, notifying 26 specifically targeted users and consulting with law enforcement. While significant additional security measures were implemented in response to those incidents, it appears certain senior executives did not adequately comprehend or investigate, and therefore failed to act sufficiently upon, the full extent of knowledge known internally by the Company's information security team."

Yahoo Morally Failed Its Users

Getting into the morality of the matter, it's one thing to remain hush-mouthed about a data breach until the details are revealed. However, it's downright disrespectful and a miscalculated endeavor to purposely suppress information related to a data breach when there are hundreds of millions of user account details at risk of being infiltrated and exposed. Fundamentally, Yahoo knew of the data breach and said absolutely nothing, at least nothing notable to properly alert affected users and the authorities who could take action at the time to hunt down the perpetrators.

To make matters worse, the fact remains that data from half a billion Yahoo user accounts was breached, exposing usernames, addresses, phone numbers, email addresses, hashed and encrypted passwords, and security questions. Those affected by the breach were left in the dark until nearly two years later.

From what we now know about Yahoo's disappointing handling of its data breach reporting, do you think there should be a law or requirement for large tech companies to report a data breach the instant that it takes place?