Yahoo Data Breach Case Assignment

Verified

Added on 2022/07/28

AI Summary

Attached is the description for the assignment. Preferably 7 references

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: SECURITY BREACH
Security Breach
Name of the Student:
Name of the University:
Author note:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1SECURITY BREACH
Table of Contents
Introduction:....................................................................................................................................2
Yahoo Data Breach Case: How the attack has taken place.............................................................2
System vulnerabilities......................................................................................................................2
People Responsible:.........................................................................................................................2
Was it avoidable..............................................................................................................................3
Role of Cyber Insurance in Risk Mitigation:...................................................................................3
Background of the cases:.................................................................................................................3
Similarities between the two data breaches.....................................................................................4
Differences in the data breaches......................................................................................................4
Lesson learnt by the Companies from each other:...........................................................................5
Reflection:........................................................................................................................................6
References:......................................................................................................................................7

2SECURITY BREACH
Introduction:
Information is one of the most significant assets of any company. In this report, we will
discuss about such information and data breaches in the company which has led to a massive
compromisation of the data.
Yahoo Data Breach Case: How the attack has taken place
In 2013, Yahoo witnessed one of the most devastating data breaches in the company,
where near about 3 million Yahoo accounts were hacked. The company databases are the
storehouse of the most crucial and sensitive information. These sets of data consist of the
information like the customer data, transaction details, passwords of the Yahoo Account, and
many other employees and customer details which if stolen can lead to major issues in the future.
However, the integrity of the data is lost due to this (Cheng, Liu and Yao 2017). With the third
party having full access to the data, the information of the customers is no longer considered to
be safe with Yahoo, the initial face of the internet.
The attack occurred in the form of spear-phishing. This attack is an e-mail scam that has
taken place in the company. Here, the hacker or the attacker sends an e-mail in which there is a
malicious file. Opening that file may redirect to a page which is which may look genuine.
However, while the link or the file is running in the system, the information present in the system
along with the user’s credentials are harvested by the hacker. Before the concerned person is
aware of the fact, the job of the hacker is already done. Here, the electronic mails were sent to
the employees of the organization. However, it was not clear from the investigation of how many
emails were sent (Manworren, Letwat and Daily 2016).
System vulnerabilities:
As mentioned earlier, the company databases are the storehouses of the data. The Yahoo
Database consisted of an innumerable amount of credentials of various employees as well as the
customers who used the search engine for availing their day to day activities along with a
cryptographic value which is entirely exclusive to each account. The credentials consisted of the
financial details of a customer, passwords, often consists of the details of the bank accounts
required for performing online transactions and many more (Crabb 2017). These are sensitive
data which can be used for accessing a personal system and extracting information out of them.
Money can be removed from the accounts of the individuals, or selling them out and misusing
them and extortion as well. With the encryption key in their hands, they were able to decrypt all
the confidential data of the customers present in the system (Thielman 2016).
People Responsible:
As per the reports, the investigation team suspected the Russian government for the
attack. However, the matter was not proven to until the next year that is 2016, when then the FBI
identified the four people who were involved in the attack of 2013 in Yahoo. The two of them
are the Russia Spies. Aleksey Belan, the Latvian Hacker, was the first one to be involved in this
system of hacking. He looked around in the networks for the account management tool of the
company and the database holding the information of the customers. These are the major aspect
of the system which initiated the hack. With the help of this, he was successful in creating a
backdoor in the Yahoo system server (Trautman and Ormerod 2016). With all the necessary
information gathered, Belan directed his fellow commercial hacker. Karim Baratov to initiate the

3SECURITY BREACH
hacking into the database. They were instructed by the Russian agents Dmitry Dokuchaev and
Igor Sushchin to hack the targeted accounts such that the essential information can be gathered.
Was it avoidable:
As per the Chief Strategy Officer, Chenxi Wang, Yahoo was not quite proactive in terms
of providing security to the information of the customers. He said that the company was reluctant
in the application of the bug bounty programs for detecting the bugs in the system. The existing
passwords were not refreshed after the first attack occurred. According to him, the significant
loss of the data could have been avoided if the precautionary measures would have been taken in
the first place and the existing customers making use of the search engine were requested to
change their passwords (Team 2015). In fact, he has mentioned that, even after the first breach,
the end to end encryption was implemented long after the incident took place. The while hat
hackers were appointed in 2015 to look out for the vulnerabilities of the system. This could have
been done much before the incidents took place. According to the cybersecurity company, the
SimpleWan, CEO, Mr Erik Knight said that Verizon, the new owner of Yahoo was well aware of
what could have happened after the very first breach into the system. However, the severity was
due to lack of thoroughness towards the matter which Verizon did not take as seriously as it was
needed. Above all these, the CEO of Yahoo has wholly rejected the intrusion detection system to
do its work and has prevented the auto-reset of the passwords of the former and the existing
employees of the organization which had made it easier for the hackers to access the data of the
people who were involved. As per the reports, the hackers were able to access the emails and the
personal information of the company without the requirement of the password. Hence, the
situation could have been easily avoided with the enhancement of security in the organization.
Role of Cyber Insurance in Risk Mitigation:
A cyber insurance policy is also known as the Cyber Liability Insurance Coverage. This is
designed to help an organization to mitigate the risk of the cost which may be required for the
purpose of the recovery in the cybersecurity attack. In the present time, the business giants of the
various companies lay emphasis upon purchasing of this insurance for the protection of the
Information technology assets of the company(Miller 2018). The insurance policy covers all
most all the expenses claimed by the first parties. However, certain third-party costs are covered
by insurance companies as well.
Yes, it is absolutely possible for the cybersecurity policies to prevent specific threats that
are waiting to hamper the organisations. The procedures implement the set of rules and
regulations for the users which helps them to control the access of the users into the system. It is
often seen that the threats come from the internal users of the organization, as they are uncertain
of what information to access and what not to (Hikmah and Adam 2020).
Background of the cases:
This research speaks about two data breaches in two of the world’s most renowned
companies discussing their similarities. One of them was a data theft on Facebook in 2018. It
was confirmed that the hackers got access to the personal information of the users through a
unique feature in the Facebook code. This allowed them to gain control of nearly fifty million
user accounts (Weedon Nuland and Stamos 2017). The government said that they must intervene

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4SECURITY BREACH
in the matter if Facebook cannot handle its services. It was also noted that the hacking operation
was supported by a nation-state causing several election issues and even deaths in certain
countries. There were three flaws in Facebook systems allowing hackers to get system access
and hack Spotify, Instagram and the user details associated with it.
Facebook was able to fix the problems and dealing with law enforcement. The range of
the attack and the users affected were fully detected and dealt with. But the investigation is still
on.
Another such breach occurred in Yahoo. It was found out that all their accounts were
hacked in a data theft, which would be more than three billion accounts. This resulted in the
largest data thefts in cybercrime history and a very costly one as well according to experts
leading to Yahoo cutting off its asset prices in a sale at Verizon. The offer price for Yahoo assets
was reduced by $350 billion due to this cyber attack (Trautman and Ormerod 2016). The
company said that the user passwords, financial information or transaction data were not
revealed but the experts suggest that the encryption codes are weak and easily decodable. But the
security questions and the email addresses which were sent along with them were hacked,
allowing hackers to get access to the user accounts. Verizon paid $4.48 billion for the case and
Yahoo has notified all the users whose accounts were affected to help them out.
Similarities between the two data breaches
The two data thefts, the one at Facebook and the other at Yahoo both had certain
similarities. Both of them were huge data breaches which affected a lot of people leading to them
losing their trust in the companies as a result. This led to a massive loss for the companies with
them having a lot of difficulties in coming out of it (Cadwalladr and Graham-Harrison 2018).
The breach at Facebook is still under investigation and no one knows what new would
rise up from the investigation. The Yahoo data breach was so huge that the company is suffering
from that even now with the price of its assets falling. Both cybercrimes were the largest
breaches in the respective company’s history (Wear et al. 2018). Facebook has never seen such a
breach in their fourteen-year history and Yahoo data breach is regarded as the largest breach in
the cybersecurity history. Both of these breaches occurred after a previous issue of a similar
kind. Yahoo had faced another data breach prior to this which actually resulted in the loss of the
company rising further making it the largest data breach. Facebook also had a bad time as in
2017, which is a year earlier to the breach, when there were rumours that the private information
of about eighty-seven million users was accessed by a British analytics firm which led to the
users turning insecure about their personal data.
Differences in the data breaches
Although both the data breaches were very dangerous for users as well as the companies
themselves, both the breaches still had some difference. One of the biggest differences is the
number of people affected by the data theft. The Facebook data theft affected the accounts of
about fifty million users which is a big number but this is nothing compared to the data heist at
Yahoo which affected the accounts of all the Yahoo users, estimated as more than three billion
(Brill and Smolanoff 2017). This shows the severity of the thefts and why Yahoo theft is
something that was never seen before or even after that. Another difference is the way the
companies dealt with the heist and its aftermaths. Facebook was able to deal with the heist very
well. Even though the company is only fourteen years old, it managed to rectify its mistakes

5SECURITY BREACH
quite a bit. The software bugs in the company were awkward, especially for Facebook which
takes engineering and technological matters very seriously. It declared on media that the
company is looking into the matter very seriously and adequate means have been taken to
prevent this in future.
The Yahoo breach affected a lot of users and the company as a whole a lot more than
Facebook. The company had to reduce the price of their assets, and the sales went low. It tried to
provide relief to the affected users but its reputation declined a lot (Ritenour 2020). Hence, it can
be said that Facebook was able to handle the problem much better than Yahoo and was able to
show convincing improvements in order to prevent such a thing.
Lesson learnt by the Companies from each other:
Facebook, which is comparatively newer company when both the companies are taken
into consideration should learn how a simple mistake of due diligence can result in such a hectic
failure in the system of security resulting in the loss of the data. It must learn that such an
experienced company like Yahoo can make such a mistake that the entire company has to suffer
from such a hardship. Yahoo, on the other hand, should learn one of the most important facts
from the Facebook Company, that, by acting quick, the severity of the incidents can be brought
under control. With the precautionary measures undertaken by the company, it has been able to
cease the hacking attack to 50 million people, which is one of the most important parts of the
incident responses in the company (Whitler and Farris 2017).

6SECURITY BREACH
Reflection:
From the above report, I have understood the severity of the data breach in an
organization. Yahoo, Facebook these are the contemporary business giants. Yahoo which is one
of the oldest search engines in use has experienced one of the most devastating attacks in 2013.
The attack has completely broken the entire information system of the company. Loosing of
around 3 billion customer information in the hands of the unauthorised foreign entity is of the
greatest nightmares of each and every company. Yahoo has almost survived this attack.
Facebook, which is one of the most used and preferred applications of all time, since its release
in the play stores, has lost 50 million data of the customers. I think that the severity of the
incidents should raise awareness amongst the other companies making use of the information
technology for the protection of the data. however, the companies should lay emphasis upon the
process of encryption and extra security for the purposes of the database and other inventory and
data asset protection to control the severity of the loss of the data. All the information that has
been compromised during the data breach have hampered the privacy and the integrity of the
data. I think that the customers will now think twice before handing their assets over to the
company. I have also learned that by avoiding the scenario or by not paying enough attention to
the issues can lead to the increasing severity of the organization. however, the loss could have
been avoided by agreeing to the security measures and by the acceptance of the Cyber Insurances
as well.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7SECURITY BREACH
References:
Brill, A. and Smolanoff, J., 2017. When You Have Suffered a Data Breach, Attribution May Be
Useful, But Hacking Back? Not So Much!. International Law Quarterly, 33(2), pp.14-15.
Cadwalladr, C. and Graham-Harrison, E., 2018. Revealed: 50 million Facebook profiles
harvested for Cambridge Analytica in major data breach. The guardian, 17, p.22.
Cheng, L., Liu, F. and Yao, D., 2017. Enterprise data breach: causes, challenges, prevention, and
future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5),
p.e1211.
Crabb, J., 2017. Yahoo/Verizon: the changing role of MACs. International Financial Law
Review.
Hikmah, Y. and Adam, F.F., 2020, April. Analysis of Cyber Insurance Potential in Indonesia.
In 3rd International Conference on Vocational Higher Education (ICVHE 2018) (pp. 120-125).
Atlantis Press.
Manworren, N., Letwat, J. and Daily, O., 2016. Why you should care about the Target data
breach. Business Horizons, 59(3), pp.257-266.
Miller, L., 2018. Cybersecurity insurance: Incentive alignment solution to weak corporate data
protection. Available at SSRN 3113771.
Ritenour, E.R., 2020. Hacking and Ransomware: Challenges for Institutions Both Large and
Small. American Journal of Roentgenology, 214(4), pp.736-737.
Team, V.R., 2015. 2015 data breach investigations report.
Thielman, S., 2016. Yahoo hack: 1bn accounts compromised by biggest data breach in
history. The Guardian, 15, p.2016.
Trautman, L.J. and Ormerod, P.C., 2016. Corporate Directors' and Officers' Cybersecurity
Standard of Care: The Yahoo Data Breach. Am. UL Rev., 66, p.1231.
Trautman, L.J. and Ormerod, P.C., 2016. Corporate Directors' and Officers' Cybersecurity
Standard of Care: The Yahoo Data Breach. Am. UL Rev., 66, p.1231.
Wear, J.D., Flowers, R., Black, K.D., Godfrey, L.D. and Anderson, R.D., 2018. RECENT
DEVELOPMENTS IN CYBERSECURITY AND DATA PRIVACY. Tort Trial & Insurance
Practice Law Journal, 53(2), pp.291-313.
Weedon, J., Nuland, W. and Stamos, A., 2017. Information operations and Facebook. Retrieved
from Facebook: https://fbnewsroomus. files. wordpress. com/2017/04/facebook-and-
information-operations-v1. pdf.
Whitler, K.A. and Farris, P.W., 2017. The impact of cyber attacks on brand image: Why
proactive marketing expertise is needed for managing data breaches. Journal of Advertising
Research, 57(1), pp.3-9.

8SECURITY BREACH

1 out of 9

+13062052269

info@desklib.com

Yahoo Data Breach Case Assignment

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

JP Morgan Data Breach

Analysis Of Corporation Breaches

WannaCry Ransomware Attack Analysis

One of the Privacy Violation Incidence of Yahoo

Preventing Ransomware Attacks

Analysis of Security Issues