With three Yahoo! data breaches revealed in just six months, it's time for Verizon to just move on.
Yahoo, a company being snapped up by Verizon as soon as regulators give it the green light, has detailed yet another data breach and this time there are 32 million lucky winners. This is the third announcement of its kind we've heard from Yahoo in just six months, to wit: the September 2016 announcement where we learned that 500 million accounts had been breached from as far back as 2014, and the December 2016 announcement where we were told that one billion — that's billion with a b — accounts were accessed going back to 2013. For anyone with more than a passing interest in information security, this is just horrifying.
Just as horrifying was what went down this time. 32 million is a lot of anything but well shy of the 500 million or one billion numbers we've seen from Yahoo. But Reuters tells us something that should make everyone who ever had a Yahoo account even more nervous:
"Based on the investigation, we believe an unauthorized third party accessed the company's proprietary code to learn how to forge certain cookies," Yahoo said in its latest annual filing.
These cookies have been invalidated so they cannot be used to access user accounts, the company said.
Forged cookies allow an intruder to access a user's account without a password.
So we have a person or persons who were able to create valid cookies that allowed invalid access to user accounts because they got the code to make them from a Yahoo system. Yahoo changed something to make them invalid cookies, but that doesn't address the two big elephants in the room: What else did they "learn" and how did they get access to materials that taught them what to do? More importantly, what else has happened or is still happening that hasn't been caught or disclosed?
The method used to gain access to 32,000,000 accounts is even worse than the news they were breached.
The details are vague at best. Yahoo might tell us more now that the cat is out of the bag, but in any case, it's time for Verizon to call off the deal currently in front of regulators. Cutting the price by $350 million like they did the last time Yahoo told the world accounts had been breached just isn't enough. Nor is Mayer not getting her yearly cash bonus as "punishment" for 1,532,000,000 instances where someone had their privacy invaded under her watch. I can admire Yahoo coming clean while a corporate sale is pending but that doesn't change anything about how or why this can happen. Right now, Yahoo would be little more than a brick tied to Verizon's foot while they stand on the end of the pier.
There are a handful of reasons why this is bad for Verizon. They aren't getting Alibaba and nothing else Yahoo currently has can make a dime, for starters. The biggest is that they will need to keep most of the current methods, infrastructure, and personnel to keep what they are buying up and running. And those are tainted beyond repair.
Current and future Verizon customers deserve better and should be confident that their private data is being properly safeguarded. While there will be little if any crossover of account records and information, do you feel good about a company with access to a mountain of your data hitching themselves to the hot mess that is Yahoo right now?
You shouldn't. And Verizon shouldn't expect you to feel good about it. It's time to bail and spend your 4.5 billion elsewhere, Verizon.
Reader comments
There are 32 million reasons why Verizon needs to step away from Yahoo!
Agreed. This is ridiculous. It will only mean increased prices for Verizon customers due to litigation and many other things. Dump Yahoo.
That is incorrect. Verizon already restructured their deal to ensure they are responsible for any costs associated with lawsuits or legal fees that are related to these breaches.
Yep, time for Verizon to walk away. And it's also time for users to walk away, too. Yahoo is a company beyond saving. Stick a fork in them--they're done.
I can't even access my account anymore and it's been like that for a long ass time. The phone that backed it up to was from 14 years ago and I no longer have that phone anymore.
I get so much spam in my Yahoo email (via SBC Global), it's ridiculous! Had local phone and internet, then Uverse for a number of years.
I have a Gmail account (much better), but I still get spam.
I have my own personal website email and get much less spam.
I have always wondered what Verizon would gain from acquiring Yahoo.
This is all about user data patterns and advertising. Buying Yahoo gives them a wider audience for advertising. Digital advertising is huge. So they want them for the same reason they purchased AOL. Increase their digital advertising footprint.
I get all that. I am surprised that people still use AOL, Yahoo, Hotmail in 2017. I'm sure the ad revenue was pretty good for them to add Yahoo to its existing portfolio of business units! LOL
I hope Verizon walks away. Yahoo isn't worth the trouble. The last thing Verizon would want to happen is acquire Yahoo and find out about another breach. Talk about class action lawsuits.
Obviously there are good reasons they want to buy them. Right? Maybe this will screw Verizon good, maybe that's a good thing lol
Why would a multi-billion-dollar company being screwed be a good thing?
It's Verizon, nuff said.
I know being anti-corporate is the "in" thing nowadays with Millennials, but at the end of the day it doesn't mean jack.
Never understood why people wish failure upon the success of others. Maybe because their lives are empty and pathetic.
Because they feel entitled to everything they want, and anyone who doesn't give them whatever they want should fail.
This seems the current sentiment in a nutshell.
What exactly has Verizon done to you personally? You upset they did not provide you with free service?
In the event the sale goes through Verizon wouldn't be responsible for any costs associated with legal fees and lawsuits related to these data breaches. They renegotiated those terms when the price was reduced.
They can say that, but someone will have to pay the lawyers. If this was a sale of a business unit from one company to another, then, sure, the selling company could accept responsibility for those costs, since it will presumably still be in business, but this isn't that kind of deal. Yahoo is essentially selling itself to Verizon, with the proceeds going to the shareholders. After that, Yahoo will, for all intents and purposes, no longer exist. At that point, who should Verizon bill for the legal costs? The former Yahoo shareholders? Not easily done. Verizon is going to be on the hook for these costs, contract or no contract.
But Verizon thinks they are the best software company and can fix anything. /s
Jerry just despises Verizon, doesn't he?
He's accurate on this one. Yahoo is a mess and will hurt Verizon's public image.
However if you want it to go through, enjoy the leftovers of Marissa Mayer's screwups of Yahoo.
Been telling my wife for years to get away from that disaster company Yahoo. But she won't listen! As much as I feel sorry for the employees or that a once great Internet company is going down, I think it's time for Yahoo to disappear.