Information Systems Case Study: An Analysis of the Yahoo Data Breach

Verified

Added on 2022/08/12

AI Summary

This case study examines the significant data breaches experienced by Yahoo, detailing the circumstances surrounding the cyberattacks in 2013 and 2016 that compromised over a billion user accounts. The analysis explores the vulnerabilities within Yahoo's database security, including weak encryption and inadequate defenses against sophisticated hacking techniques. It investigates the delayed public disclosure of the breaches and the resulting impact on public trust and Verizon's acquisition plans. The case study highlights the types of data compromised, such as email addresses and personal information, and discusses the potential for misuse. It also delves into preventative measures, such as limiting employee access and implementing stronger security protocols. The analysis includes the CIO's perspective and references relevant academic literature on data breaches and information security.

Running head: INFORMATION SYSTEMS
INFORMATION SYSTEMS
Name of the Student:
Name of the University:
Author’s Note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1INFORMATION SYSTEMS
Reason of Breaches:-
On 2016, 22nd September, Yahoo openly revealed that over one billion account evidence
was hacking in mid-2013. In 2016 they also disclosed that more than 500 million data are
misplaced for the second cyber-attack. An unknown illegal third party directed the Yahoo data
breach. The attacks mainly occurred for the weak database and lack of security issues (Thomas et
al., 2017). The defenses applied for a database covering the personal and login evidence were
inadequate to defend against the progressive approaches used by the cyber attackers. In this
circumstance, the encryption technique active in the database was ruined by the hacker. The
attackers took the evidence illegally from Yahoo gently and carefully to not draw focus to the
data break taking place.
Impression in public Eye:-
These attacks are not disclosed at the initial time. Two years later, the yahoo authority
declared their database was hacked, and any information was stolen. The main reason behind that
if the public knows about this incident. The people suffering from panic and also lose their faith
from Yahoo. It is very much dangerous situation for their business. If persons do not know a
hack has happened and that they want to take these protecting steps, they remain exposed.
Since the hacks were shocking and extensive to a maximum of Yahoo's client base,
Verizon is taking another opinions about the acquisition. The data break will take a substantial
impression on the contract records and the probability that it will necessarily occur (Wang &
Park, 2017). Yahoo will take to satisfy Verizon that the break will not disturb future procedures
in the business and that more safety structures have been and will be executed.
It is also demanding that Yahoo also misinforms Verizon with false evidence and ended
up validation a stock arrangement containing no data about the significant break. The deficiency
of cybersecurity responsibility protection caused it to be the one business that could not be
reliable with confidentiality and safe defense of sensitive information.
Damage:-
For these attacks, the hackers are collecting a huge number of e-mail informations, street
addresses, telephone details, unencrypted safety queries, and responses. It is a fact that the

2INFORMATION SYSTEMS
hackers are not collect any financial information from the database (Buckman et al., 2017). In the
first release, the yahoo declares that there are approximately 1million data are hacked. After the
publishing of the second release, the people observe that the data number is more than 500
million.
It’s avoidable or not:-
The hackers are very much careful about this data theft. The hacking was not directly
detected, and the cyber attacker had sufficient time to control the evidence in an economically,
private, or politically advantageous manner. The hacker in the 2014 breach was capable of
accessing Yahoo's customer database over a phishing campaign. If definite workers are given
different access permissions, one negotiated employee account will have less harm liable on their
access level to the business’s sensitive evidence. In the circumstance of Yahoo, access to the
client database must only be given to an insignificant number of high-level workers that have a
necessity for the evidence.
Refer to the forensics experts and law enforcement about a reasonable time to restart
operations. The forensics group will remain to strictly observe the actions of the operators and
workers as it supports in helping where the breach happened and to catch future interruptions if
actions are registered and supervised probably (Safa & Von Solms, 2016). The division of IT
safety that constructing in the business hierarchy always has miscalculated on their system. The
guidance from credential IT safety firms would apply the safety of any significant data of the
business. By recommending employees and users to update their structures and programs
commonly to defend themselves from identified bugs and susceptibilities. Particularly for
workers at Yahoo because their work processer’s susceptibilities could settle an entire network.
CIO statement:-
There were aims on the database due to its deficiency of safety. It was instigated due to
the underinvestment in cybersecurity processes by the high-ranking administration. After the
cyber safety team cautioned those two years before the event to analyze the safety of all its
database information (Li & Horkoff, 2014). Also, two years before the first attack happened, the
technical teams did notify Yahoo about the different malware pointing the database, which the

3INFORMATION SYSTEMS
administration chose to overlook. Hence we can realize that cybersecurity was not important at
target.
References:-
Buckman, J., Bockstedt, J., Hashim, M. J., & Woutersen, T. (2017). Do Organizations Learn
from a Data Breach?. In Workshop on the Economics of Information Security.
Li, T., & Horkoff, J. (2014, June). Dealing with security requirements for socio-technical
systems: A holistic approach. In International Conference on Advanced Information
Systems Engineering (pp. 285-300). Springer, Cham.
Safa, N. S., & Von Solms, R. (2016). An information security knowledge sharing model in
organizations. Computers in Human Behavior, 57, 442-451.
Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., ... & Margolis, D. (2017,
October). Data breaches, phishing, or malware? Understanding the risks of stolen
credentials. In Proceedings of the 2017 ACM SIGSAC conference on computer and
communications security (pp. 1421-1434).
Wang, P., & Park, S. A. (2017). COMMUNICATION IN CYBERSECURITY: A PUBLIC
COMMUNICATION MODEL FOR BUSINESS DATA BREACH INCIDENT
HANDLING. Issues in Information Systems, 18(2).