Yahoo email hack: the sign of a never-ending crisis

Yahoo has officially confirmed that at least 500 million e-mail accounts were violated in 2014 by a cyber attack: it is  one of the greatest email hacks in the history of Internet. The news was anticipated by Recode website on September 22 and later confirmed by a Yahoo press release. The “once big” search engine says the theft involved personal account information such as phone numbers, dates of birth and did not involve data such as bank details or credit card numbers.

Yahoo is warning users whose account has been hacked and has disabled the security questions to access the accounts: users who have not changed passwords in the last two years have been suggested to do it as soon as possible. The company run by Marissa Mayer is claiming that the author of the security breach was a “state-sponsored” hacking group but has not given further details or evidence supporting this hypothesis.

Inside sources have told Recode that two years ago the computer security expert, and at that time an employee of Yahoo’s, Alex Stamos, asked Yahoo executives to do something immediately about the suspected violation of hundreds of millions of accounts, but was basically ignored. Stamos left Yahoo in mid-2015 and now works as head of security at Facebook. Some tech sites, starting from Recode, now recommend users to abandon Yahoo, not so much for the extension of the violation, but for the fact that the company had waited a long time before making it public and start doing something. This is an unacceptable behavior for a company that provides an email service which, by its nature, it requires a high reliability profile.

marissa mayer yahoo crisis

Photo by Jason Alden / Bloomberg
This is another big problem in the long crisis afflicting Yahoo: because one thing is suffering a hacker attack and another thing is doing nothing to run for cover. Furthermore this reveals a terrible truth: the financial crisis of Yahoo is so severe that the tech firm cut not only additional costs but also those vital, such as those dedicated to the security of the systems.

The company based in Sunnyvale, which a few months ago was at the height of negotiations for the acquisition by Verizon, may at this point have to face the greatest threat of all: the termination of the preliminary agreement – Verizon was not informed during due diligence and this could be an escape clause – or at least a price renegotiation.