Topic: Breaches
Equifax Suffers Potentially Massive Breach, Handles Fallout Terribly (Sep 8, 2017)
This content requires a subscription to Tech Narratives. Subscribe now by clicking on this link, or read more about subscriptions here.
Yahoo Fires General Counsel and Docks Marissa Mayer’s Bonus and Stock Award (Mar 1, 2017)
It looks like Yahoo is finally announcing the results of its independent investigation into the security breaches of the last few years, and as a result its general counsel is stepping down and CEO Marissa Mayer is losing her bonus and equity grant for the year, a decision apparently made by the board. Yahoo’s 10-K, also released today, gives a little more detail on the investigation, which was carried out by members of the board, assisted by outside counsel and a forensics expert. The investigation concluded that senior executives “did not properly comprehend or investigate, and therefore failed to act sufficiently upon, the full extent of knowledge known internally by the Company’s information security team.” That implies that it was executives and not security specialists within the company who messed up here, which explains why Mayer and general counsel Ronald Bell were punished. The paragraph on the findings is worth reading in full as it’s fairly damning about internal communication at Yahoo at the time. And yet this is all part of clearing the decks before Verizon takes over, at which point it will be hoping to put all this behind it. Not the best way for Mayer to go out, but I think that was inevitable at this point.
via Marissa Mayer (Tumblr) – see also Yahoo’s 10-K (p.46-7)
Yahoo reportedly under investigation by SEC over data breaches | VentureBeat (Jan 23, 2017)
The only Yahoo stories I’ve covered here on Tech Narratives so far are those concerning the breaches and subsequent fallout, which is a great indicator of Yahoo’s current state – the only news it’s capable of making is negative, with no meaningful new features or products produced in recent months, while the damage from the breaches continues to reverberate, with a formal SEC investigation just the latest step. Verizon seems to be leaning towards completing its acquisition despite all this, but at the very least should secure a significant discount in the price it will pay as a result of all this. Though the user fallout will be far less severe than the negative press coverage, Verizon will still have to deal with all the ongoing ripple effects of the breaches, and that’s worth a significant cut in the acquisition price.
via Yahoo reportedly under investigation by SEC over data breaches | VentureBeat (full coverage on Techmeme)
Hacker Steals 900 GB of Cellebrite Data – Motherboard (Jan 12, 2017)
Cellebrite was in the news about nine months ago because Bloomberg reported it was the security firm the FBI used to hack the San Bernardino shooter’s iPhone after Apple refused to help, though the Washington Post contradicted those reports. Whether or not its technology was used in that particular case, that’s exactly the sort of work Cellebrite regularly does for US and other government agencies, and it appears that it has itself now been hacked. It’s not clear that the hack goes beyond some user data, though there’s a vague reference to technical data in the article, but this sort of thing reinforces the sense that no hacks of encryption or other security technologies, even for apparently noble reasons, can ever be deemed 100% safe from being hacked themselves. That, of course, was one of several arguments Apple made in the FBI case.
via Hacker Steals 900 GB of Cellebrite Data | Motherboard
Plenty of users sticking with Yahoo despite data breaches – San Francisco Chronicle (Jan 2, 2017)
As per a previous piece I linked to, despite all the attention the various Yahoo breaches have received in the press, they’ll likely have little impact on usage, which makes it likely Verizon will go ahead with the acquisition, though it may use the breaches as leverage to lower the price. The key point is that users have short memories, and the very people still using Yahoo (largely out of apathy in a world with better alternatives) are least likely to jump ship, which obviously helps.
via Plenty of users sticking with Yahoo despite data breaches – San Francisco Chronicle