I have not posted about this as many others are covering it - Yahoo suffered a major data breech and anyone who uses their email accounts should change their passwords. The New York Times has a great post-mortem on the breech and the corporate culture that led to it:
Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say
Six years ago, Yahoo’s computer systems and customer email accounts were penetrated by Chinese military hackers. Google and a number of other technology companies were also hit.
The Google co-founder Sergey Brin regarded the attack on his company’s systems as a personal affront and responded by making security a top corporate priority. Google hired hundreds of security engineers with six-figure signing bonuses, invested hundreds of millions of dollars in security infrastructure and adopted a new internal motto, “Never again,” to signal that it would never again allow anyone — be they spies or criminals — to hack into Google customers’ accounts.
Yahoo, on the other hand, was slower to invest in the kinds of defenses necessary to thwart sophisticated hackers that are now considered standard in Silicon Valley, according to half a dozen current and former company employees who participated in security discussions but agreed to describe them only on the condition of anonymity.
When Marissa Mayer took over as chief executive of the flailing company in mid-2012, security was one of many problems she inherited. With so many competing priorities, she emphasized creating a cleaner look for services like Yahoo Mail and developing new products over making security improvements, the Yahoo employees said.
The “Paranoids,” the internal name for Yahoo’s security team, often clashed with other parts of the business over security costs. And their requests were often overridden because of concerns that the inconvenience of added protection would make people stop using the company’s products.
But Yahoo’s choices had consequences, resulting in a series of embarrassing security failures over the last four years. Last week, the company disclosed that hackers backed by what it believed was an unnamed foreign government stole the credentials of 500 million users in a breach that went undetected for two years. It was the biggest known intrusion into one company’s network, and the episode is now under investigation by both Yahoo and the Federal Bureau of Investigation.
A long and well written article - computer security is key these days and Yahoo made the decision that any attempt at decent security (forcing users to reset passwords and to use strong ones) would drive their customers away. Fools and now they are paying the price.
Leave a comment