How Yahoo Hacked 3 Billion User Accounts & Caused A Global Health Hazard
In Brief
- The Facts:Yahoo holds
the 3 time record for the largest cybersecurity breaches in history and
is the first confirmed company to willingly agree to let the U.S.
government scan and collect information
from all users. - Reflect On:The potential stress that Yahoo and any big email service causes users by deliberately leaving personal data open to infiltration and why they don't implement encryption.
The
cyber attacks on Yahoo occurred back in 2013 and 2014, but Yahoo first
informed the public of these attacks in 2016 and 2017. All of their 3
billion users were affected, some of whom on two occasions, but in
between these announcements, another revelation occurred. Incoming
emails from all 3 billion Yahoo users’ accounts were also systematically
scanned by the U.S. government in 2015. This time with Yahoo’s
cooperation.
advertisement - learn more
According to the World Health Organization:
“Health is a state of complete physical, mental and social well-being and not merely the absence of disease or infirmity.”
The potential stress Yahoo may have
caused any number of their 3 billion users around the world, as well as
any number of non-Yahoo users who sent emails to Yahoo users, makes them
a global public health hazard, but the mainstream narrative focused on Verizon consequently paying less to buy Yahoo, and CEO Marissa Mayer having to forfeit her annual bonus and stock award.
Yahoo announces the largest user data breach in history
Sept 2016 and Yahoo announced that “at least 500 million user accounts” had been hacked in 2014. Having retrieved names, email addresses, telephone numbers, dates of birth, passwords and security questions and answers, it was hailed by the media as one of the largest cybersecurity breaches of all time. The company said
they believed a “state-sponsored actor” was behind the data breach,
meaning an individual acting on behalf of a foreign government.
Yahoo collaborates with U.S. government to spy on user emails
October 2016 and Reuters revealed that
Yahoo users once again were having their emails accessed without their
knowledge. This time by the U.S. government. The FBI and the National
Security Agency (NSA) approached Yahoo to build a custom software
program to read all of their users’ incoming emails. The program was in
operation by May 2015 and was designed to search for a specific string
or digital ‘signature’. This could be a phrase in an email or an
attachment. When that ‘signature’ was found, that email or attachment
was then copied and sent to the relevant U.S. intelligence agency
server.
advertisement - learn more
The program spied on every person who emailed a Yahoo! Mail account, implying every Yahoo! Mail user is guilty and violating the privacy of people around the world. Both Reuters and The New York Times stated that this is the first known case of a U.S. internet company agreeing
to the systemic scanning of all arriving messages and real-time data
collection at an intelligence agency’s request, as well as the first
known time that a new program was created to do so.
Yahoo did not need to cooperate
The NSA and FBI used FISA to justify the
global top-secret mass surveillance programs tracking foreign nationals
and U.S. citizens revealed by Edward Snowdon in 2013; yet these programs
remain unconstitutional – which means illegal. FISA, the Foreign
Intelligence Surveillance Act, can allow the secret national security
court to issue an edict, but a specific target should be identified, and
section 702 of FISA exclusively applies to agents of a foreign power
located outside the USA.
“This is another example of how the government is pushing secretly novel or innovative interpretations of surveillance law” to conduct wiretapping in broader ways than the public realize, said Jennifer Granick, the director of civil liberties at the Stanford Law School Center for Internet and Society.“It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court” Patrick Toomey, an attorney with the American Civil Liberties Union, said in a statement.
Yahoo announces the (2nd) largest user data breach in history
Two months later, in December 2016, Yahoo
announced they had discovered another major cyberattack had taken place
in 2013. The Guardian explained that
this second “state-sponsored” attack had affected more than 1 billion
user accounts, making this one the “biggest data breach in history.”
Yahoo announces the (3rd) largest user data breach in history
October 2017 and Yahoo revealed that every
one of their 3 billion accounts had been affected by the 2013 data
theft, making this new number “the largest breach in history.”
This means that every Yahoo user’s
account information was retrieved, and that means all of their services
could have been accessed, including Yahoo! Mail, Yahoo! Groups, Flickr
and Tumblr.
Although Yahoo claims neither of these
attacks breached the system where user payment card and bank account
details are stored, any private details found in every Yahoo user’s
personal emails could have been collected.
“For years I have been urging friends and family to migrate off of Yahoo email, mainly because I watched for years as the company appeared to fall far behind its peers in blocking spam and other email-based attacks” states security researcher Brian Krebs.
Yahoo is responsible for jeopardizing their own users’ safety
March 2017 and Yahoo! disclosed
the results of an internal investigation which found that CEO Marissa
Mayer had reacted too slowly, other executives had “failed to act
sufficiently” and the companies legal department had also been
negligent. It was revealed
that the company’s security team had identified that a hacker had
accessed at least 500 million user accounts back in 2014, yet Yahoo
chose to notify only 26 users.
In October 2017, when Yahoo announced
that all 3 billion of their users were hacked in 2013, the company said
they will begin alerting accounts. They also stated
that “in connection with Yahoo’s December 2016 announcement of the
August 2013 theft, Yahoo took action to protect all accounts.” The
action that they took was to ask 1 billion of 3 billion affected users
to change their passwords. This does not protect users from being
hacked. All users had passwords before.
The Takeaway
The revelation that all 3 billion Yahoo
users had been hacked by an alleged “state-sponsor actor” caused media
outrage, two FBI investigations, and some 43 consumer class-action
lawsuits against the company. The revelation that all 3 billion Yahoo
users’ emails have also been unknowingly scanned systemically by the
U.S. government warrants a similar reaction.
Yahoo’s cooperation was not necessary.
The company could have contested the request to create a custom software
program to spy on their own customers in court. Instead, Yahoo users
were not only spied on in 2013 and 2014, but again in 2015, and all of
their users were not informed until 2017, leaving the safety of millions
then billions of users at jeopardy.
In 2018, Yahoo still state in
their Privacy Policy that “Once you register with Yahoo and sign in to
our services, you are no longer anonymous.” The only way any big email
service like Yahoo! Mail, Gmail or Apple Mail can successfully protect
your personal data and online privacy as an internet user is by
encryption as standard.
The only reason big companies do not want
to do this is because they want to have access to your personal
information. The solution is simple. Choose a different narrative to the
ongoing infiltration of your personal and private information.
Cybersecurity is available to everyone, and it starts with a simple-to-use encrypted email account elsewhere, such as Tutanota or Protonmail.
Article by Wake Up World Education founder, Robito Chatwin.
Sign up for the latest from Wake Up World Education, an academic, science-supported, independent online educational platform that provides free Personal & Global Wellness Training.
We Need Your Support...
In order to stay truly independent, we need your help. We are not going to put up paywalls on this website, as we want to get our info out far and wide. For as little as $3 a month, you can help keep CE alive!
SUPPORT CE HERE!
No comments:
Post a Comment