I’ve had a Yahoo account since forever. At points I was using it for successive fantasy football leagues, but mostly it was an early stop on the way to finding something else. I can’t say I ever hung out there. The emergence of Google fairly well killed its usefulness for me; for most, I imagine. Yahoo’s aggregated content was always a collection of things I could better find on other sites, or more recently on an iPhone app.
This week’s revelation of a billion accounts hacked in 2013 tops their previous report of a half-billion hacked a year later. We’re only finding out about it now because Yahoo lacks the data integrity, security, and continual penetration testing required by major online players. They weren’t even aware they’d been breached until recently. Even then, reports indicate their resistance to the news.
Sure, I changed my password when early word broke. I enabled two-factor authentication, too, as I’ve done on every other service where I could, and so should you. What didn’t happen after the breach makes those efforts pointless in the case of Yahoo.
Think about it: one billion accounts. At the time the hack occurred, that was one-sixth the world’s total population. Not the internet-using population, but everyone. To have been penetrated to that degree is bad enough. To have resisted acknowledging it is unforgivable.
At what point did my data become public knowledge? If I’d actually used my Yahoo email account for anything, how much of my private conversations became fodder for the dark web’s data mining efforts? What did they glean, and how has it affected me and those with whom I communicate? I can’t know that, because it all happened an eon ago in internet time. Who knows what I said or did back then?
Here’s what happened when a security firm, having acquired what was being hawked on the dark web, approached the company (The NYT):
InfoArmor did not go to Yahoo directly, Mr. Komarov said, because the internet giant was dismissive of the security firm when approached by an intermediary. He also said he did not trust Yahoo to thoroughly investigate the breach since it could threaten the sale to Verizon.
The value of their users as product did not justify the cost of revealing the breach, it would seem.
I suspect this latest bit of news will lead to Yahoo’s end. Verizon is looking to get into the content business, rather than being relegated to the role to which they’re best suited: provider of dumb pipes in the internet’s plumbing. How much liability is Verizon assuming with their prospective purchase, though? Unlike Google or Apple or Microsoft, who have yet to suffer a major breach, Yahoo just isn’t very good at data security. How much value does the one billion-strong user base represent? Are these current users, or are they one-time users with zombie accounts lying dormant?
Yahoo’s been irrelevant for a long while, Marissa Mayer’s efforts notwithstanding. That they simply can’t be trusted to keep their users (it’s a free service, so users are rightly labeled “products”) safe from, or at least aware of private data loss is the final straw. Yahoo needs to go away. They’ve already been replaced. Here’s how you can take care of yourself.
I can vote my dissatisfaction with dollars by spending them elsewhere, but when I’m on a free service and relegated to the role of eyeballs-on-advertisers the only thing I hold sway over is my attention. I’ve not been present on Yahoo for a while, and with the click of a mouse and deletion of my account I never again will be. I wonder where else my data is leaking?
Facebook, I’m looking at you. Maybe you’re next.