Massive Yahoo Hack

In the united states, the FBI is investigating a massive hack that took place against yahoo in 2013 where over 1 billion user details have been stolen. This is particularly relevant to the UK as yahoo supplies email accounts for both BT and Sky customers.

From news reports I gather that yahoo didn’t even notice that such a huge amount of information has been stolen and it took a report from a third party for them to acknowledge the problem. This is this the equivalent of a total stranger driving up your driveway to tell you all your windows are bashed in whilst eating dinner and you haven’t noticed. Not a great image for any brand.

Yahoo security was actually weakened by them using secret questions and answers as they can be guessed plus passwords were stored with long time abandoned MD5 encryption which came into being in the early 1990’s and has been surpassed a few times since with increasingly more secure password storage. One huge sigh of relief is at least bank and card details were not stored on the same server it appears. For the love of God don’t use MD5 for that. Remember Yahoo also runs turmblr and Flickr which many recognise more than its email services.

As a company as well as a brand there are always consequences for not taking care of your customers data in both image and revenue. I hope yahoo deals with this sympathetically and takes on board the lessons to move forward into the future.