Comprehensive Report: The Yahoo Data Breach, Privacy, and Security

Added on  2021/06/14

AI Summary
This report provides a comprehensive analysis of the 2017 Yahoo data breach, detailing the circumstances of the hack, the number of affected users, and the financial impact on Yahoo and its parent company, Verizon. It explores the implications of the breach, including privacy law violations, the reuse of passwords, and the potential for future attacks. The report examines the impact on consumer safety and well-being, including increased vigilance, changes in consumer trust, and shifts in consumer attitudes toward financial institutions. Furthermore, the report offers several recommendations to the organization to improve client privacy, such as educating clients on security risks, minimizing data transfers to external devices, and encouraging the use of encrypted devices. The conclusion emphasizes the increasing threat of cybercrime, particularly in the banking sector, and the need for immediate action to prevent further data breaches and financial losses.
My Health Record
Name
Institutional Affiliation
Yahoo Hack
Introduction
The hack involved Yahoo and happened in 2017, following other recent hacks that the company had reported quietly (Das, Dabbish & Hong, 2018, April). The data breach that happened in August 2013 involved more than 1 billion user accounts, and it was later discovered that all 3 billion user accounts were involved. The company most affected was Verizon, which was purchasing Yahoo in a $4.8 billion deal (Crabb, 2017).
Users were notified of this hack through an official Yahoo notification sent to Yahoo account holders, which read: "Based on the ongoing investigation; we believe a forged cookie may have been used in 2015 or 2016 to access your accounts" (Solove & Schwartz, 2014).
However, the total number of customers affected was not clear, since the company did not know the exact number and had only realized it after a long period, just as in the case of the 2013 breach, which involved more than 3 billion account users (Solove & Schwartz, 2014).
The company attributed the hack to a state actor using a sophisticated cookie (Sengottuvel, Hussain & BIST).
This hack deserves close attention because it involves a majority of people who send and receive very private and confidential information using Yahoo email accounts. The information is crucial for companies and may be used to deny them benefits in the markets if seen by competitors (Crabb, 2017).
How the company was affected
According to a report by Bloomberg, Verizon, the Yahoo parent company which was in the process of acquiring it, slashed the price to be paid by the telecom service to Yahoo by at least $250 million after the two security breaches were revealed the previous year (Crabb, 2017). This made it doubtful whether the deal would go through at all (Moustafa, 2016).
Following the attack, CEO Marissa Mayer lost her bonuses and wrote a note that was published on Tumblr stating that, "When I learned in September 2016 that a large number of our user database files had been stolen, I worked with the team to disclose the incident to users, regulators, and government agencies" (Porteous, 2018). "However, I am the CEO of the company and since this incident happened during my tenure, I have agreed to forgo my annual bonus and my annual equity grant this year and have expressed my desire that my bonus be redistributed to our company’s hardworking employees, who contributed so much to Yahoo’s success in 2016," she said (Williams, Axon, Nurse, & Creese, 2016, September).
Explain the implications associated with this breach, specifically in terms of privacy laws
and violations of the law.
There is a danger of people reusing their passwords when accessing other web accounts. This would mean that the hacker is likely to continue exploiting and victimizing those affected when using Yahoo accounts (Das, Lo, Dabbish, & Hong, 2018). This means that Yahoo customers may be at risk of further breaches and may not be in a position to blame anyone (Williams, Axon, Nurse, & Creese, 2016, September). Although changing these passwords takes a lot of time, Yahoo users should take the time to change them (Lachezarov & Vasileva, 2017).
There is a fear of the attackers becoming persistent, finding ways of remaining unnoticed, and attacking Yahoo once again (Lange & Burger, 2017). Yahoo should therefore ensure it has completely remediated threats by carrying out complex operations on its sites (Das, Lo, Dabbish, & Hong, 2018).
Three recent studies put the cost of a breach at $170,000, $861,000 and $4 million (Lachezarov & Vasileva, 2017). For example, Kaspersky once reported that the average security incident cost enterprises $861,000. These cost estimates came from the enterprises themselves without the involvement of a third party (Har Carmel, 2016).
USA TODAY reported that an FBI report indicated that more than 500 million records involving financial institutions were stolen in 12 months due to cyberattacks (Har Carmel, 2016). This is a serious issue that affects the US today, as lawmakers have stated that the financial sectors are the main target institutions in the US (Ifijeh, 2014).
Analyze the impact that these technological breaches have on consumer safety and well-being
Consumers are becoming more vigilant
John Gunn, vice president of communications at VASCO Data Security, states that "We all look at our bank statements a hell of a lot more carefully than 20 years ago" (Porteous, 2018). His firm provides authentication software for financial institutions (Wagh, 2013). Experts say that more and more people today are becoming more vigilant when monitoring their transactions and respond to alerts from banks if withdrawals or charges seem suspicious (Kang, Dabbish, Fruchter, & Kiesler, 2015, July). When consumers become more vigilant, it gives them an opportunity to hold accountable the financial institutions to which they entrusted their money in case of any loss, as well as to ensure that no money is lost in dubious ways (Figliola & Fischer, 2015). Many users would opt to migrate to other companies with services similar to Yahoo's and be more selective, to avoid using the same password they previously used at Yahoo (Wagh, 2013).
Consumer trust
A new FireEye report found that 6 percent of consumers surveyed would take their business elsewhere if major brands negligently mishandled their data, just like Yahoo. Therefore, high-profile data breaches cost companies consumer trust (Kang, Dabbish, Fruchter, & Kiesler, 2015, July). The report also found that two-thirds of respondents were ready to stop purchasing from companies where they suspected that a data breach was associated with boards failing to prioritize cybercrime (Kang, Dabbish, Fruchter, & Kiesler, 2015, July). For instance, Verizon lost $250 million by reviewing its pricing after two breaches were revealed.
Consumer change of attitude
When important personal information has been exposed, especially information concerning an individual's financial status, the result is the development of a negative attitude towards the company that had been entrusted with that private and confidential information (Kang, Dabbish, Fruchter, & Kiesler, 2015, July). Also, consumers may opt to stop keeping their money in banks or financial institutions, as they have negative feelings towards the banking sector (Singh, 2013). When consumers are affected by privacy concerns, they may even develop hatred towards the banking sector and may opt never to transact any business with it again (Singh, 2013).
What recommendations would you make to this organization to further protect the privacy
of clients?
The banking sector should educate its clients on the risks involved in banking and on the measures they should take to minimize losses from hacking (Shackelford, Proia, Martell & Craig, 2015). For instance, banks should let clients know that it is dangerous to click on links in emails from "banking" senders that they never requested (Michael & Clarke, 2013).
Every banking or financial institution should minimize the transfer of data from one device to external devices (Singh, 2013). This will help prevent data from being available on several platforms, which poses a danger to the security of data and client information (Singh, 2013). This is because when one loses an external device such as a hard disk, the data inside is put at risk (Williams, Axon, Nurse, & Creese, 2016, September).
The company should encourage the use of encrypted portable devices such as laptops and phones. This will help to reduce the risk of an invasion of privacy in cases where one may misplace the device (Michael & Clarke, 2013).
Conclusion
Today cybercrime has extended to the banking sector, where money is the main target of the hackers. Recently, a loss of $1 billion in the world's banking sectors has been reported, posing a big threat to the world economy and causing suffering for banking customers. Today, the US banking sector has become the biggest target of all sectors for cyber hackers, which requires measurable steps to be taken by the government and the banking sector to prevent the mess. If immediate action is not taken and fast detection made before data vulnerability extends further to the criminals, greater losses are guaranteed.
References
Crabb, J. (2017). Yahoo/Verizon: the changing role of MACs. International Financial Law Review.
Das, S., Lo, J., Dabbish, L., & Hong, J. I. (2018, April). Breaking! A Typology of Security and Privacy News and How It's Shared. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (p. 1). ACM.
Figliola, P. M., & Fischer, E. A. (2015). Overview and issues for implementation of the federal cloud computing initiative: Implications for federal information technology reform management. US Congressional Research Service (CRS), 1.
Har Carmel, Y. (2016). Regulating 'Big Data Education' in Europe: Lessons Learned from the US. Browser Download This Paper.
Ifijeh, G. (2014). Adoption of digital preservation methods for theses in Nigerian academic libraries: Applications and implications. The Journal of Academic Librarianship, 40(3-4), 399-404.
Kang, R., Dabbish, L., Fruchter, N., & Kiesler, S. (2015, July). “My data just goes everywhere:” user mental models of the internet and implications for privacy and security. In Symposium on Usable Privacy and Security (SOUPS) (pp. 39-52). Berkeley, CA: USENIX Association.
Lachezarov, K. L., & Vasileva, S. Z. (2017). Some ethical issues of formation of the global information society. Современные тенденции развития науки и технологий, 125.
Lange, R., & Burger, E. W. (2017). Long-term market implications of data breaches, not. Journal of Information Privacy and Security, 1-21.
Michael, K., & Clarke, R. (2013). Location and tracking of mobile devices: Überveillance stalks the streets. Computer Law & Security Review, 29(3), 216-228.
Moustafa, K. (2016). Internet and advertisement. Science and Engineering Ethics, 22(1), 293-296.
Porteous, H. (2018). Cybersecurity: Technical and Policy Challenges.
Shackelford, S. J., Proia, A. A., Martell, B., & Craig, A. N. (2015). Toward a global cybersecurity standard of care: Exploring the implications of the 2014 NIST Cybersecurity Framework on shaping reasonable national and international cybersecurity practices. Tex. Int'l LJ, 50, 305.
Sengottuvel, P., Hussain, J. H., & BIST, B. Ethical Hacking.
Singh, V. P. (2013). Dam breach modeling technology (Vol. 17). Springer Science & Business Media.
Solove, D. J., & Schwartz, P. (2014). Information privacy law. Wolters Kluwer Law & Business.
Wagh, R. (2013). Comparative Analysis of Trends of Cyber Crime Laws in USA and India. International Journal of Advanced Computer Science and Information Technology, 2(1), pp-42.
Williams, M., Axon, L., Nurse, J. R., & Creese, S. (2016, September). Future scenarios and challenges for security and privacy. In Research and Technologies for Society and Industry Leveraging a better tomorrow (RTSI), 2016 IEEE 2nd International Forum on (pp. 1-6). IEEE.