Data Breaching in Yahoo: Impact on Reputation and Finances
VerifiedAdded on 2023/05/28
|7
|1761
|485
AI Summary
The report discusses the data breaching incident in Yahoo that affected more than 1 billion user accounts. It highlights the policy and financial impact it created on Yahoo. The report also emphasizes the importance of cyber security and proper law suits for ensuring security to the information system.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: CYBER SECURTY
CYBER SECURITY: DATA BREACHING IN YAHOO
Name of the Student
Name of the University
Author Note
CYBER SECURITY: DATA BREACHING IN YAHOO
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1CYBER SECURTY
Table of Contents
Introduction...........................................................................................................................................2
About Yahoo! Data breaches................................................................................................................2
Conclusion.............................................................................................................................................5
References.............................................................................................................................................6
Table of Contents
Introduction...........................................................................................................................................2
About Yahoo! Data breaches................................................................................................................2
Conclusion.............................................................................................................................................5
References.............................................................................................................................................6
2CYBER SECURTY
Introduction
The purpose of these report is to discuss about data breaching in social media that
affected a huge population. In this report the chosen data breaching event is of Yahoo. Data
breach is the activity in which private and confidential data gets disclosed to an untrusted
environment. Sometimes it is done by hackers and sometimes it may be caused due to
irresponsible behavior of an individual. More than 1 billion user accounts of Yahoo got
affected by data breaching that occurred in the year 2013. However this act was later reported
by the end of 2016. The Yahoo site confirmed that for than 3 million users account got
impacted with the data breaching. It took more than 3 years to disclose about the breaches
and security issues that affected the people associated with this social media (Thomas et al.
2017). The report will discuss about the policy and the financial impact it created on Yahoo.
About Yahoo! Data breaches
By the end of 2016, Yahoo! reported two major data breaches that took place in the mid-year
of 2013 and early and 2014. The data breaches that took place in the year 2014 affected around 500
million Yahoo! user accounts and this was reported in the year 2016. The data breaches took place in
year 2013 affected around 1 million people. Both the breaches are treated as largest breaches in the
history of internet. The hacker collected specific and private details of each user that included name,
email address, passwords and even the encrypted security questions along with the answers. The data
breaches occurred in the year of 2013 and 2014 and it got disclosed by the year 2016 ( Solow-
Niederman, 2017). That is the reason behind law suits faced by Yahoo. The breaches has impacted
Verizon Communications July plan that resulted the organization to close a deal with a decrease value
of $350 million.
This incident effected several users of yahoo and also raised several questions against the
security provided by the association towards their users. According to report it became difficult to
determine the hacker behind all these events (Torre, Dumay & Rea, 2018). As yahoo made it a long
Introduction
The purpose of these report is to discuss about data breaching in social media that
affected a huge population. In this report the chosen data breaching event is of Yahoo. Data
breach is the activity in which private and confidential data gets disclosed to an untrusted
environment. Sometimes it is done by hackers and sometimes it may be caused due to
irresponsible behavior of an individual. More than 1 billion user accounts of Yahoo got
affected by data breaching that occurred in the year 2013. However this act was later reported
by the end of 2016. The Yahoo site confirmed that for than 3 million users account got
impacted with the data breaching. It took more than 3 years to disclose about the breaches
and security issues that affected the people associated with this social media (Thomas et al.
2017). The report will discuss about the policy and the financial impact it created on Yahoo.
About Yahoo! Data breaches
By the end of 2016, Yahoo! reported two major data breaches that took place in the mid-year
of 2013 and early and 2014. The data breaches that took place in the year 2014 affected around 500
million Yahoo! user accounts and this was reported in the year 2016. The data breaches took place in
year 2013 affected around 1 million people. Both the breaches are treated as largest breaches in the
history of internet. The hacker collected specific and private details of each user that included name,
email address, passwords and even the encrypted security questions along with the answers. The data
breaches occurred in the year of 2013 and 2014 and it got disclosed by the year 2016 ( Solow-
Niederman, 2017). That is the reason behind law suits faced by Yahoo. The breaches has impacted
Verizon Communications July plan that resulted the organization to close a deal with a decrease value
of $350 million.
This incident effected several users of yahoo and also raised several questions against the
security provided by the association towards their users. According to report it became difficult to
determine the hacker behind all these events (Torre, Dumay & Rea, 2018). As yahoo made it a long
3CYBER SECURTY
late to discover the breaches as well as implementing the security measures it became a point of
criticism. With the implementation of cyber kill chain industry can easily identify the activities of an
attacker. Effective implementation of kill chain will help in assisting the information security
professional greatly and will help the organization to protect the assets of an organization. There are
all total seven stages associated with the kill chain mechanism each step is designed to understand and
define the activities of a hacker. The first stage is known as reconnaissance, in this stage the attacker
asses and collects information regarding the organization from outside after assessing both technical
and non-technical perspective. However there are two ways in which the information is gathered. First
is active information gathering and second one is passive information gathering (Kasiak et al., 2018).
The second stage includes weaponization where hackers develop a malware specifically to encounter
the vulnerabilities discovered at the stage of reconnaissance phase. Third stage is delivery, this
involves transmitting of APT code from attacker so that it can be used to target information system
for further exploitation. The fourth stage includes exploitation phase after these installation phase is
being implemented. The last step is related to actions on objectives (Trautman & Ormerod, 2016). In
order to overcome these situation it becomes important for every organization to implement a defense
strategy that will help organization to protect the asset. The defense strategies includes
implementation of organization with information security programs. With the use of effective user
training and awareness regarding email borne threats such as phishing. The organization should
maintain a strong cyber hygiene practice throughout the organization.
In order to protect the data from getting breached it is the responsibility of each organization
to implement some data security policies that will save guard the information system. There are
several ways in which the data security can be assured this includes:
Protecting the information: this becomes very important to protect sensitive information and
do not reveal to unauthorized person.
Reducing the transfer of data: the organization can put a ban on shifting data from internal
device to an external device.
late to discover the breaches as well as implementing the security measures it became a point of
criticism. With the implementation of cyber kill chain industry can easily identify the activities of an
attacker. Effective implementation of kill chain will help in assisting the information security
professional greatly and will help the organization to protect the assets of an organization. There are
all total seven stages associated with the kill chain mechanism each step is designed to understand and
define the activities of a hacker. The first stage is known as reconnaissance, in this stage the attacker
asses and collects information regarding the organization from outside after assessing both technical
and non-technical perspective. However there are two ways in which the information is gathered. First
is active information gathering and second one is passive information gathering (Kasiak et al., 2018).
The second stage includes weaponization where hackers develop a malware specifically to encounter
the vulnerabilities discovered at the stage of reconnaissance phase. Third stage is delivery, this
involves transmitting of APT code from attacker so that it can be used to target information system
for further exploitation. The fourth stage includes exploitation phase after these installation phase is
being implemented. The last step is related to actions on objectives (Trautman & Ormerod, 2016). In
order to overcome these situation it becomes important for every organization to implement a defense
strategy that will help organization to protect the asset. The defense strategies includes
implementation of organization with information security programs. With the use of effective user
training and awareness regarding email borne threats such as phishing. The organization should
maintain a strong cyber hygiene practice throughout the organization.
In order to protect the data from getting breached it is the responsibility of each organization
to implement some data security policies that will save guard the information system. There are
several ways in which the data security can be assured this includes:
Protecting the information: this becomes very important to protect sensitive information and
do not reveal to unauthorized person.
Reducing the transfer of data: the organization can put a ban on shifting data from internal
device to an external device.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4CYBER SECURTY
The state data law includes a protection ad privacy law that are used to determine the activities
associated to each steps. This law includes a clause that requires prompt notification about consumers
that tells about thee data breaching act. This act also includes disclosing the breaches taking place
within the system and that are harming people. The people behind these breaches should be disclosed
without delaying however it took more than three years for Yahoo to identify the breaches and
analysing the number of people got affected by this incident. More than millions of peoples lost their
valuable and their private information got breached. Moreover it harmed the reputation of yahoo
organization. Yahoo lacked in providing proper security features to their uses and moreover their
delaying nature lead them to face criticism (Gupta, 2017). After all this incident the company did not
took any major steps to implement new features as fast as other companies react to such issues.
Moreover according to the experts report it is found that yahoo did not asked their users to change the
password for better security purpose. Apart from these several experts stated that yahoo’s financial
situation has not allowed the company to invest on cyber security.
The member of U.S. government shared that they are really upset with the behaviour and delay
showed by Yahoo in detecting such a major issue. Moreover U.S Securities and Exchange
Commission asked the CBI to investigate about whether the organization has fulfilled all their
obligation under federal securities laws or not. By the mid of 2016 it was investigated that 23 lawsuits
related to 2014 data breaches were been filled against yahoo (Whitler & Farris, 2017). Among those
one law suit disclosed that the hack caused an intrusion into personal financial matters. Yahoo failed
to provide an adequate protection towards their user’s personal information. SEC has issued over $35
million to yahoo as they failed to disclose the fact regarding the 2014 data breach. Apart from these
yahoo has issued $50 million for settlement against the class action. Verizon communications has
entered into the state of negotiation and approval for purchasing a portion of Yahoo properties for
$4.8 billion. However Verizon was not aware about the data breaches incident took place in yahoo.
This lead to face a major lose to yahoo, as the deal closed with decreasing the share value by $ 350
million.
The state data law includes a protection ad privacy law that are used to determine the activities
associated to each steps. This law includes a clause that requires prompt notification about consumers
that tells about thee data breaching act. This act also includes disclosing the breaches taking place
within the system and that are harming people. The people behind these breaches should be disclosed
without delaying however it took more than three years for Yahoo to identify the breaches and
analysing the number of people got affected by this incident. More than millions of peoples lost their
valuable and their private information got breached. Moreover it harmed the reputation of yahoo
organization. Yahoo lacked in providing proper security features to their uses and moreover their
delaying nature lead them to face criticism (Gupta, 2017). After all this incident the company did not
took any major steps to implement new features as fast as other companies react to such issues.
Moreover according to the experts report it is found that yahoo did not asked their users to change the
password for better security purpose. Apart from these several experts stated that yahoo’s financial
situation has not allowed the company to invest on cyber security.
The member of U.S. government shared that they are really upset with the behaviour and delay
showed by Yahoo in detecting such a major issue. Moreover U.S Securities and Exchange
Commission asked the CBI to investigate about whether the organization has fulfilled all their
obligation under federal securities laws or not. By the mid of 2016 it was investigated that 23 lawsuits
related to 2014 data breaches were been filled against yahoo (Whitler & Farris, 2017). Among those
one law suit disclosed that the hack caused an intrusion into personal financial matters. Yahoo failed
to provide an adequate protection towards their user’s personal information. SEC has issued over $35
million to yahoo as they failed to disclose the fact regarding the 2014 data breach. Apart from these
yahoo has issued $50 million for settlement against the class action. Verizon communications has
entered into the state of negotiation and approval for purchasing a portion of Yahoo properties for
$4.8 billion. However Verizon was not aware about the data breaches incident took place in yahoo.
This lead to face a major lose to yahoo, as the deal closed with decreasing the share value by $ 350
million.
5CYBER SECURTY
Conclusion
From the above report it can be said that data breaching of Yahoo had greatly impacted the
reputation of yahoo and has also hampered from the financial perspective. Yahoo failed to maintain
proper security suit for the organization and also overlooked the importance of cyber security within
the organization. Thus from the case study it can be said that there is a huge importance of having
proper cyber security and proper law suit that will ensure security to the information system. After
these incident it took a lot time to regain the position and trust in the market. Each user wants to have
a platform that will provide highest security. Moreover the organisation failed to detect the data
breaches at first and it took more than 3 years to identify the risks. Thus, it is important for every
organization to provide better security towards their information system.
Conclusion
From the above report it can be said that data breaching of Yahoo had greatly impacted the
reputation of yahoo and has also hampered from the financial perspective. Yahoo failed to maintain
proper security suit for the organization and also overlooked the importance of cyber security within
the organization. Thus from the case study it can be said that there is a huge importance of having
proper cyber security and proper law suit that will ensure security to the information system. After
these incident it took a lot time to regain the position and trust in the market. Each user wants to have
a platform that will provide highest security. Moreover the organisation failed to detect the data
breaches at first and it took more than 3 years to identify the risks. Thus, it is important for every
organization to provide better security towards their information system.
6CYBER SECURTY
References
Gupta, A. (2017). THE EVOLUTION OF FRAUD: ETHICAL IMPLICATIONS IN THE AGE OF
LARGE-SCALE DATA BREACHES AND WIDESPREAD ARTIFICIAL INTELLIGENCE
SOLUTIONS DEPLOYMENT.
Kasiak, J., Carbunar, B., Christensen, J., Lyukova, M., Bajaj, S., Boruta, M., ... & Stan, G. (2018,
October). CipherLocker: Encrypted File Sharing with Ranked Search https://cipherlocker.
com. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and
Communications Security (pp. 2234-2236). ACM.
La Torre, M., Dumay, J., & Rea, M. A. (2018). Breaching intellectual capital: critical reflections on
Big Data security. Meditari Accountancy Research, 26(3), 463-482.
Solow-Niederman, A. (2017). Beyond the Privacy Torts: Reinvigorating a Common Law Approach
for Data Breaches. Yale LJF, 127, 614.
Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., ... & Margolis, D. (2017, October).
Data breaches, phishing, or malware?: Understanding the risks of stolen credentials.
In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications
Security (pp. 1421-1434). ACM.
Trautman, L. J., & Ormerod, P. C. (2016). Corporate Directors' and Officers' Cybersecurity Standard
of Care: The Yahoo Data Breach. Am. UL Rev., 66, 1231.
Whitler, K. A., & Farris, P. W. (2017). The Impact of Cyber Attacks On Brand Image: Why Proactive
Marketing Expertise Is Needed for Managing Data Breaches. Journal of Advertising
Research, 57(1), 3-9.
References
Gupta, A. (2017). THE EVOLUTION OF FRAUD: ETHICAL IMPLICATIONS IN THE AGE OF
LARGE-SCALE DATA BREACHES AND WIDESPREAD ARTIFICIAL INTELLIGENCE
SOLUTIONS DEPLOYMENT.
Kasiak, J., Carbunar, B., Christensen, J., Lyukova, M., Bajaj, S., Boruta, M., ... & Stan, G. (2018,
October). CipherLocker: Encrypted File Sharing with Ranked Search https://cipherlocker.
com. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and
Communications Security (pp. 2234-2236). ACM.
La Torre, M., Dumay, J., & Rea, M. A. (2018). Breaching intellectual capital: critical reflections on
Big Data security. Meditari Accountancy Research, 26(3), 463-482.
Solow-Niederman, A. (2017). Beyond the Privacy Torts: Reinvigorating a Common Law Approach
for Data Breaches. Yale LJF, 127, 614.
Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., ... & Margolis, D. (2017, October).
Data breaches, phishing, or malware?: Understanding the risks of stolen credentials.
In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications
Security (pp. 1421-1434). ACM.
Trautman, L. J., & Ormerod, P. C. (2016). Corporate Directors' and Officers' Cybersecurity Standard
of Care: The Yahoo Data Breach. Am. UL Rev., 66, 1231.
Whitler, K. A., & Farris, P. W. (2017). The Impact of Cyber Attacks On Brand Image: Why Proactive
Marketing Expertise Is Needed for Managing Data Breaches. Journal of Advertising
Research, 57(1), 3-9.
1 out of 7
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.