Yahoo has been attacked more than once, so it’s worth recapping. In two attacks in 2013 and 2014, hackers had access to “names, email addresses, phone numbers, birth dates, password hashes and, in some cases, encrypted or non-encrypted security questions and 500 million to 1 billion accounts. Only the first attacks are already huge problems, especially since the password hashes used the weak MD5, which has known vulnerabilities for years. But the most serious fault involved forged cookies, through which hackers were able to create cookies to “trick” Yahoo and access user data even without breaking the password hashes. It was this technique that affected the 32 million accounts. Investigations confirmed that hackers, sponsored by a state organization, were interested in 26 accounts. Yahoo notified these users individually and called for enforcement. The report concludes that senior executives have failed to “properly understand or investigate” the safety team’s alerts, which knew of the leaks since 2014. However, the problems were only revealed to the public in 2016. In Tumblr, CEO Marissa Mayer says she worked with the team to report the leak to users, regulators and government agencies as soon as she discovered the problem in September 2016 and it ends: “However, I am the CEO of the company, and as the incident occurred during my tenure, I agreed to waive my annual bonus and equity share this year.” Mayer asked that the money will be redistributed among the company’s employees. Leaked news came shortly after US carrier Verizon closed an agreement to buy Yahoo for $4.83 billion. In February, the two companies agreed to reduce the value of the purchase by $350 million, with legal liability charges for the leaks now being shared with Altaba, a company that will come from what is not purchased by Verizon.
Δ