Yahoo data breaches: Food for thought on cybersecurity

The cyber incursions suffered by Yahoo in 2013 and 2014 affected the data of 500 million and over 3 billion users respectively, representing a serious failure in data security. Russian attackers managed to penetrate Yahoo's systems and began trading the information on Dark Web platforms. Despite the extent of the compromised data, the cybersecurity world is still lagging behind in addressing the fundamental issues that enabled these breaches.

An attack favored by phishing techniques and outdated encryption

The first attack was aided by a phishing email sent to a Yahoo employee. This deception technique allowed the use of counterfeit cookies to improperly access user accounts. Compounding the situation were Yahoo's use of outdated password encryption methods and users' recurring practice of reusing the same passwords.

Yahoo privacy and the consequences

Despite hiring Alex Stamos as chief security officer to strengthen security protocols, Yahoo's commitment to data protection has been called into question. This occurred especially when it emerged that the company had intentionally concealed violations, including during negotiations to sell it to Verizon in 2017. The consequences of this revelation were severe, including a $35 million fine from Securities and Exchange Commission (SEC) and a reduction in the value of the deal.

A new direction towards transparency and responsibility

Following the Yahoo events, the SEC mandated that any violations must be reported promptly, within four days of their detection. This policy change reflects a new direction towards transparency and accountability in business management and cybersecurity, highlighting the importance for companies to prioritize not only their security infrastructure, but also their method of managing and reporting claims when they occur.