A $95 Billion Mistake
Once upon a time, Yahoo was king of the internet. They were a top dog in the early days of the internet, owned the news, and the company was estimated to be worth over $100 billion. But those were the old days. Today, Yahoo still has a massive online presence but nowhere near the world-conqueror it was back near the turn of the century. In fact, in July of this year the company was sold to Verizon for $4.8 billion. A $95 billion bargain isn’t too bad right? But Verizon is rethinking whether Yahoo is even worth that.
Because Yahoo has failed to keep its user’s information safe, and if any company, whether it’s a tech supergiant or a small dental practice, can’t keep their customer’s information safe they will fail. Period.
In 2014 Yahoo hit rock bottom. 500 million accounts were exposed to hackers in one of the largest hacks of all time. Telephone numbers, passwords, names, addresses were all stolen. To the average eye, all this data may just look like a useless list of personal information. But it’s not.
The information can be used to contact people and launch phishing or social engineering hacks. But hackers don’t even have to do that to earn a profit from this type of data. This type of personal information is valuable for two reasons. The first way a hacker can make a profit off a hack is by selling the information on the dark web to advertisers. Advertisers will use the names and addresses to flood people with ads that earn them money when clicked. But hackers can also sale the information to state actors looking to launch larger hacks against and entire nation. With the amount of data acquired from the 2014 Yahoo hack, a searchable database can be created that can be very valuable to someone with the right resources.
Like a state actor.
And that’s the reason the newest Yahoo hack is much scarier than the others before it. This month Yahoo reported that the information of 1 billion users was stolen by hackers. But none of the user information stolen has been seen for sale on the dark web yet, which means that it could be in the hands of a state actor looking to build a database to launch further attacks. So, while the number is almost double that of the last hack, the intended use of the data has potential to be much more dangerous than simple phishing hacks. There are analytical tools that can search databases and find personal information that can be used for hacks like the DNC hack that was a huge campaign issue in 2016. So, when you hear that a state actor has access to a billion yahoo accounts you should be very worried. Not only has the door been opened to hackers who could have state backing, but with the access the hackers had they could’ve built back doors that will give them access for years to come.
And that’s why there are reports that Verizon is reviewing its decision to buy Yahoo.
We can’t say that these hacks were totally avoidable. Hackers are simply too strong today. But if Yahoo took its cybersecurity more seriously they could have at least minimalized the damage from the attacks. But that’s why they’re worth almost 100 billion less than they were before. Don’t let your company be like Yahoo, take your cyber security seriously.