Just a few months after Yahoo disclosed a 2014 breach of 500 million user accounts, the company today revealed this was preceded by a 1 billion account breach in 2013, in which the hackers took everything: hashed passwords, names, email addresses, phone numbers, dates of birth, and possibly the tools necessary to forge login cookies that would bypass password checks altogether.
What do you do if your ailing internet giant has been outed for losing, and then keeping silent about, 500 million user accounts, then letting American spy agencies install a rootkit on its mail service, possibly scuttling its impending, hail-mary acquisition by a risk-averse, old economy phone company? Just cancel your investor call and with it, any chance of awkward, on-the-record questions. (via /.) Read the rest
A week after the revelations that Yahoo illegally allowed American spies to access all Yahoo users' email (possibly via a dangerous rootkit), and two weeks after admitting that 500,000,000 Yahoo Mail users' passwords were leaked years previously, possibly to a "state actor," the company has disabled email forwarding for Yahoo Mail users. Read the rest
Ex-Yahoo employees have spoken anonymously to Motherboard about the news that Yahoo had built an "email scanner" for a US security agency, likely the FBI or the NSA. These sources -- at least one of whom worked on the security team -- say that in actuality, the NSA or FBI had secretly installed a "rootkit" on Yahoo's mail servers and that this was discovered by the Yahoo security team (who had not been apprised of it), who, believing the company had been hacked, sounded the alarm, only to have the company executives tell them that the US government had installed the tool. Read the rest
Yahoo email accounts were scanned by the company on behalf of U.S. intelligence services from last year. This represents the first example of a U.S. service provider providing complete access to "all arriving messages," reports Reuters.
It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.
Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.
According to the two former employees, Yahoo Chief Executive Marissa Mayer's decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc.
It might not seem terribly meaningful to users, given the revelation that 500m Yahoo accounts (surely all of its users, or close to it) were hacked anyway, but there's a difference between a one-off break-in and a standing invitation. Over four years of Mayer's leadership, Yahoo suffered a "stunning collapse in valuation" and was sold to Verizon for $4.83bn. Completion of the deal is reportedly threatened by the recent stories about Yahoo's security failings. Read the rest
In 2015, Yahoo CEO Marissa Meyer ordered the company's engineers to build a tool that scanned Yahoo Mail messages in realtime for "characters" of interest to a US security agency, either the FBI or the NSA. Read the rest
Yahoo today confirmed that it suffered a massive data breach that exposed information for at least 500 million user accounts in 2014. If you have a Yahoo account, the company says you should review all your online accounts for any suspicious activity.
Marissa Mayer has a nice executive pay package coming her way if she is terminated from Yahoo.
Read the rest
The CEO of the embattled online news site, currently trying to sell itself, is entitled to severance benefits valued at $54.9 million in case she is terminated without cause, according to a regulatory filing after the market closed Friday. The potential payout would also be triggered by a "change of control," which includes the sale of the company, according to the filing.
Mayer's potential payout includes cash severance of $3 million, $26,324 to continue her health benefits, $15,000 for outplacement, and—if that's enough—nearly $52 million worth of accelerated restricted stock and options.
Twenty-one years ago, Yahoo became the soul of the nascent web. Now it's telco food, to be eaten by Verizon for $5bn.
Verizon is also the proud owner of AOL, snagged last year for $4.4bn. At their height, the two lynchpins of the 90s' WWW were worth about $350 billion—at least to those unlucky enough to buy tech shares in 2000.
Verizon plans to unite the two companies to create a Facebook-killer made of nostalgia and its own users' personal information—and the zoo of startups and internet publishers the two companies gobbled up in their dying years.
The US telecoms giant is expected to merge Yahoo with AOL, to create a digital group capable of taking on the likes of Google and Facebook.
Verizon bought AOL - another faded internet star -in a $4.4bn deal last year, which gave it ownership of the Huffington Post, Techcrunch, Engadget and other news sites.
Shortly afterwards, Verizon announced it would start combining data about its mobile network subscribers - which is tied to their handsets - with the tracking information already gathered by AOL's sites.
Update: It struck me that Yahoo is custodian of Tumblr and Yahoo Answers, two of the last real refuges for girls and young women on the 'net. Verizon will want to kill or heavily sanitize both. Read the rest
Would it be a fitting end, for one of the first and greatest of the American web's dreams, to be eaten by the most infamous of British tabloids?
The parent company of the Daily Mail, the British newspaper and global tabloid website, is in talks with several private-equity firms to launch a bid for Yahoo, the people said. ... A possible bid by Daily Mail could take one of two forms, the people familiar with the matter said. In one scenario, a private-equity partner would aim to acquire the entirety of Yahoo’s U.S. operation, with the Mail taking over the news and media properties. Those assets include verticals such as Yahoo Finance and Yahoo Sports plus Yahoo News and a video operation whose big star is Katie Couric. Yahoo has been retrenching in those businesses—in February the company closed seven digital magazines including sites dedicated to food, parenting and health. In the other scenario, the private-equity firm would acquire Yahoo and merge its media and news properties into a new company that would include the Mail’s Web properties, DailyMail.com and Elite Daily, the people said. The Mail would run that business and would get a larger equity stake than under the first scenario.
Yahoo's core business is hard to value because of holdings in successful foreign companies such as Alibaba. At one point, its fortunes were so dire that squinting at it just right made the company seem to have negative value. More recently, an analyst put it at $4.3 billion. Read the rest
The company says it's not policy to do this -- yet -- but they're testing locking Yahoo Mail users out of their accounts unless they turn off ad-blocking. Read the rest
Darryl Anka telepathically channels a space alien from the future named Bashar who lives on the planet Essassani; on this basis, he has claimed many copyright infringements in the creations of Tumblr's GIF artists. Read the rest
Why would a CEO be so tone-deaf as to call a mass-firing a "remix?" Because the only audience that matters today are shareholders, not the public. Read the rest
During Monday's Cybersecurity for a New America conference in DC, Yahoo's Chief Information Security Officer Alex Stamos stood up and had an intense verbal showdown with NSA director Mike Rogers about the NSA's plan to ban working crypto, in which the nation's top spook fumfuhed and fumbled to explain how this idea isn't totally insane. Read the rest