Yahoo’s breach ushers in age of hacker anxiety
Published 8:45 am Thursday, December 15, 2016
SAN FRANCISCO — Yahoo has become the worst-case example of an unnerving but increasingly common phenomenon — massive hacks that steal secrets and other potentially revealing information from our personal digital accounts, or from big organizations that hold sensitive data on our behalf.
On Wednesday, Yahoo disclosed a gargantuan breach affecting more than a billion user accounts, the largest such attack in history. The company said that attack happened in August 2013, although Yahoo only discovered it recently. Worse, the company’s announcement followed a similar announcement last September of a 2014 hack — one Yahoo ascribed to an unnamed foreign government — that affected 500 million accounts.
Neither Yahoo breach has yet been linked to online fraud or any specific repercussions for Yahoo users. But their disclosure closely follows U.S. intelligence concerns about Russian hacking of Democratic emails during the presidential campaign — not to mention other recent attacks on a major health insurer, a medical lab-test company and the government office that manages millions of federal employees.
“The lesson is clear: no organization is immune to compromise,” said Jeff Hill, director of product management for cybersecurity consultant Prevalent. And since most of us are dependent on big organizations that hold our digital lives in their hands, in a broad sense that effectively means no one is safe.
Government attackers
Of course, it’s not that simple. The most sophisticated break-ins are likely the work of digital burglars working for foreign governments that are mostly interested in manipulating their enemies, not emptying your bank account.
In the past few years, hackers tied to foreign governments are believed to have stolen emails to embarrass celebrities and Hollywood moguls (recall the Sony Pictures break-in during 2014) and possibly even to influence the 2016 presidential election.
“Espionage has gone digital like so many other things our world,” said Steve Grobman, chief technology officer at Intel Security. “We’re increasingly seeing data being used as a weapon, where leaked or fabricated information is being used to intentionally damage individuals and governments.”
Yahoo’s security breakdowns could turn into expensive deal breakers for the Sunnyvale, California, company.
Both lapses occurred during the reign of Yahoo CEO Marissa Mayer, a once-lauded leader who found herself unable to turn around the company in the four years since her arrival. Earlier this year, Yahoo agreed to sell its digital operations to Verizon Communications for $4.8 billion — a deal that may now be imperiled by the hacking revelations.
Two hacks, more than a billion accounts
Yahoo didn’t say if it believes the same hacker might have pulled off two separate attacks. The Sunnyvale, California, company blamed the late 2014 attack on a hacker affiliated with an unidentified foreign government, but said it hasn’t been able to identify the source behind the 2013 intrusion.
Yahoo has more than a billion monthly active users, although some have multiple accounts and others have none at all. An unknown number of accounts were affected by both hacks.