Displaying items by tag: Yahoo
Large digital security breaches are a common occurrence in the corporate world today. The latest breach, experienced by consumer credit reporting agency Equifax, follows a trend of troubling hacks that have played out across the globe this year. It seems adversaries will stop at nothing to evolve their threats, move with even more speed, and find new ways to widen their operational space.
Equifax chief executive Richard Smith said his company “will make changes” after a massive security breach in July that may have exposed the data of up to 143 million people, he said in an opinion piece in USA Today on September 12. Smith said the company first learned of the breach on July 29, but didn’t go public with the information for six weeks because “we thought the intrusion was limited.”
Smith described the hack as the “most humbling moment” in the company’s 118-year history. Founded in 1899 and based in Atlanta, Georgia, it is the oldest of the three largest American credit agencies along with Experian and TransUnion. “We are devoting extraordinary resources to make sure this kind of incident doesn’t happen again,” Smith wrote, promising to “make changes and continue to strengthen our defenses against cyber crimes.”
The company has been highly scrutinized for its handling of the data breach, which compromised the personal information of as many as 143 million Americans. Residents in the United Kingdom and Canada were also impacted. After detecting the breach, Equifax waited six weeks before it notified the public in early September. Rather than informing people whose data had been compromised, the company set up a website that wasn’t ready for days.
Yahoo experienced similar scrutiny when it dealt with massive data breaches. The company announced in September 2016 that hackers in 2014 had stolen data from more than 500 million of its users’ accounts. Yahoo then announced in December 2016 another breach dating back to 2013 in which over a billion users had their data stolen. The US Securities and Exchange Commission opened an investigation into whether Yahoo should have informed investors sooner about the breaches.
To make up for its failure to protect users’ data, Equifax, which rakes in around US$ 3.1 billion in annual revenue, offered free credit monitoring services to its customers. But the company was criticized for requiring those who enrolled for the offer to waive their right to sue the company. Soon enough, Equifax backtracked on the requirement, allowing customers to sue the company if they sent it in writing within 30 days.
Nevertheless, Equifax has been forthcoming about the wider issue of cybersecurity and the need for change. Smith acknowledged some of the company’s problems in his article, admitting that consumers and media have raised “legitimate concerns” about the services Equifax offered and the operations of its call center and website. “We accept the criticism and we are working to address a range of issues,” he said.
Smith said the company is now committed to doing everything it can to support those affected by the breach. “Our team is focused on this effort and we are engaged around the clock in responding to millions of inquiries from consumers,” he said. Equifax has warned, however, that credit card numbers of around 209,000 people have been exposed, in addition to “personal identifying information” on roughly 182,000 customers involved in credit report disputes.
Prior to Equifax’s data breach, Time Warner-owned US TV network HBO was the latest major corporation to fall victim to hackers. HBO confirmed on July 31 that a whopping 1.5 terabytes of material had been stolen – a significantly larger amount than the 200 gigabytes stolen from Sony Pictures in 2014. Similar to Equifax’s breach, HBO’s hackers obtained potentially sensitive information, including employee data and even access to internal corporate emails.
The string of corporate hacks this year, including the global “WannaCry” ransomware attack in May and the subsequent “Petya” attack in late June, represent a chilling trend taking place all over the globe, in which cyber hackers are finding more avenues to infiltrate even the most seemingly protected organizations, by findingnew ways to widen their operational space.
An ever-evolving threat
Hackers today have more tools at their disposal than ever before. They also have a keen sense of when to use each one for maximum effect. In Cisco’s Annual Cybersecurity Report 2017, it explains how the explosive growth of mobile endpoints and online traffic work in favor of cyber hackers. Adversaries have more space in which to operate, the report claims, and more choices of targets and approaches.
It may not be possible to stop all attacks, the report says, but you can minimize both the risk and the impact of threats by “constraining your adversaries’ operational space and, thus, their ability to compromise assets.” Cisco suggests that companies should simplify their collection of security tools by integrating them into an automated architecture to streamline the process of detecting and mitigating threats. That leaves companies with more time to address more complex and persistent ones.
According to Cisco’s 2017 Security Capabilities Benchmark Study, organizations that have not yet suffered a security breach may believe their networks are safe. This confidence is probably misplaced, the report says, considering that 49 percent of the security professionals surveyed said their organizations have had to manage public scrutiny following a security breach.
Take Yahoo for instance: Following the shocking revelation that 1.5 billion of its users accounts were hacked on two separate occasions, the company was forced to slash the price of its core internet business in the sale to US telecom giant Verizon by $350 million. Yahoo is also in the midst of lawsuits related to the way the hacks were handled. In an effort to diffuse the situation and make up for damage to its reputation, Yahoo announced that it would not award CEO Marissa Mayer a cash bonus for 2016.
The Cisco study found that nearly a quarter of the organizations that have suffered an attack lost business opportunities, and four in ten said those losses were substantial. One in five organizations lost customers due to an attack, and nearly 30 percent lost revenue. When breaches occur, operations and finance were the functions most likely to be affected (36 percent and 30 percent, respectively), followed by brand reputation and customer retention (both at 26 percent).
The report once again emphasizes the importance of companies focusing their resources on reducing their adversaries’ operational space if they want to avoid the aforementioned consequences. As a result, attackers will find it difficult to gain access to valuable enterprise resources and to conduct their activities without being detected. Automation, the report says, is essential to achieving this goal.
Automation helps companies to understand what normal activity is in the network environment, so they can focus their resources on more significant threats. Simplifying security operations, the report says, is the most effective way of eliminating adversaries’ unconstrained operational space. Unfortunately, most organizations are using more than five solutions from more than five vendors, according to the study, creating a complex web of technology, which can be a recipe for less, not more, protection.
Tim Armstrong, CEO of Oath, the parent company of AOL and Yahoo, confirmed the company will axe about 2,100 jobs from the two technology companies. Verizon, which owns AOL, closed its $4.5 billion acquisition of Yahoo's internet business. People began to receive notifications one day after the telco completed its $4.48 billion acquisition of Yahoo properties.
Caroline Campbell, a spokeswoman for AOL, said the company could not comment on the impact the layoffs will have on specific locations. The company acquired Baltimore mobile advertising firm Millennial Media in 2015 for $238 million and still has 2400offices at St. Boston in Canton. AOL also bought Advertising.com in 2004 for $435 million. That office is now under the ONE AOL advertising umbrella.
Many of the cuts are likely to be felt at the company's Silicon Valley offices, but that will be the product and engineering headquarters of the combined AOL and Yahoo which will continue to operate under their old names. The cuts will affect about 15 percent of the roughly 14,000 people in AOL and Yahoo's combined workforce.
The job cuts will come in overlaps in business functions such as human resources, but there will also be some from consolidation of products such as mail and advertising. Job cuts "will come across the whole Oath portfolio," Armstrong said during an appearance on CNBC, using the name that the combined companies will now operate under.
"We're not announcing any product changes now but there could be product changes in the future," he told CNBC. "Yahoo Mail and AOL Mail are areas where we may have different consumer front ends, but over time we would like to have their back ends consolidated."
The companies' ad systems are another area where consolidation is likely to occur. "We have multiple systems that we would like to merge to have a unified supply stack of technology and a unified demand stack," Armstrong said.
Most of those cuts are happening now but others could come in the future. "Over time, as in any business, if it makes sense to consolidate or make structural changes to the company, we will do those," Armstrong said.
Oath will also consider acquisitions in the future if good opportunities pop up, he said. "Right now we are very focused on the organic integration of our assets. That could change over time."
Oath, ultimately owned by AOL parent Verizon, will operate from dual headquarters in Sunnyvale, Calif. and New York.
"The Sunnyvale [Calif.] campus will lead the pack on product and engineering," Armstrong said. "I am looking at getting a place out here and spending a lot of time here. New York is going to be the connector to the media and advertising markets."
Armstrong said that despite the AOL-Yahoo deal being delayed by shocking revelations of massive hacking incidents, he is sticking to his goal of doubling Oath's number of users to 2 billion consumers and hitting between $10 billion and $20 billion in digital ad revenue by 2020.
Verizon is projected to see $1.5 billion in net global digital ad revenue in 2017 and Yahoo to generate $3.2 billion.
"The deal process took a little longer than expected so we are a little behind but we are staying with those goals," he said. "That is going to force us to be more creative and to work faster."
Armstrong said he isn't focused on recapturing the old days when most U.S. consumers used AOL and Yahoo as their front door to the Internet. Oath's content brands — which include HuffPost, TechCrunch, Yahoo Finance, Yahoo Sports and Tumblr — generate plenty of traffic, he said.
"If you look at where traffic comes from on the Internet today, Oath is one of the top four places in the world that consumers come in and out of," he said. "Long-term, whether we are the front door to the Internet or we are your favorite room, we have a house of brands that touches almost every major community and every major vertical. We have a business model to build brands that people love."
The parent company name of Oath drew some derision when it was unveiled, but Armstrong said it appealed to him because it implies a long-term commitment.
"It is meant to be a brand name that is about values," he said. "We want all of our brands and teams to be connected by values and principles. We think Oath is a great way to explain that. You don't make an Oath to something unless you want to be in it for the long term."
A lot will be known about the ultimate success of the company by what happens in the next 36 to 38 months, Armstrong said.
"Our teams know that we are starting from a lot of scale, a lot of assets and talent," he said. "But if I had to sum up in three words what we need to do, it would be, 'Build, baby, build.' That's our focus."
Yahoo! Inc. announced the preliminary results of its special meeting of stockholders held on June 8. Yahoo stockholders approved the previously announced proposed $4.48 billion sale of the company's operating business to Verizon Communications Inc.
Yahoo anticipates that the sale transaction will close on June 13, 2017. As previously announced, following the closing of the sale transaction, the company will change its name to "Altaba Inc." and register as an investment company.
Following the shocking announcement made by Yahoo last year that 1.5 billion of its users’ accounts were hacked on two separate occasions, Yahoo slashed the price of its core internet business in the sale to Verizon by $350 million, it was reported in February.
Yahoo is in the midst of lawsuits related to the large cyber attacks against its users, which affected more than 1.5 billion people. The company announced in September last year that hackers in 2014 breached the accounts of more than 500 million user accounts stealing personal information. Then in December, Yahoo admitted to another cyber attacks which took place in 2013 affecting more than a billion users.
The terms of the revised sales agreement between Yahoo and Verizon now says that Yahoo will continue to cover the cost of a Securities and Exchange Commission probe into the breaches as well as shareholder lawsuits. However, Verizon will share the cost of government investigations and third-party litigation related to the hacks.
Through the acquisition of Yahoo’s operating business, Verizon aims to boost its mobile media and advertising efforts in a shift away from relying solely on its traditional telecoms operations.
After the deal between Yahoo and Verizon closes, Verizon will merge the assets from Yahoo with its AOL business, acquired in 2015 for $4.4 billion, to form a business unit called Oath. It was reported that due to the overlap in departments such as human resources and marketing, around 2,100 employees, or 15 percent of the combined workforce, could be laid off at Oath.
The privacy watchdog Electronic Frontier Foundation lashed out at Verizon calling AppFlash “spyware”. But Verizon shot back in a statement clarifying its intentions, insisting users must explicitly grant permission before using the service. Verizon customers have absolute control to disable the service, the company said, and no one has to use it if they don’t want to.
The EFF will reportedly investigate the service, after retracting a blog post saying AppFlash represents Verizon’s intention “to start monetizing its customers’ private data as soon as possible.” The post was published shortly after US Congress voted to end restrictions put in place during the Obama-era on what ISPs like Verizon could do with information about users.
Verizon faced scrutiny last year over privacy issues when it agreed to pay a $1.35 million fine over a “supercookie” that federal regulators said followed Verizon’s customers’ internet activities without their permission. The company is aiming to evolve into an advertising business with the purchase of AOL in 2015 and the recent acquisition of Yahoo’s core internet business.
The benefit for Verizon having information about what websites and apps its users favor is that it could charge companies more for ads that feature on those sites. Search services similar to AppFlash are already used by Android devices and iPhones. But AppFlash is different in the way it draws more data from user interactions and can target ads accordingly.
AppFlash is Verizon’s version of Evie Launcher which can be purchased through the Android app store. Once the app has been installed, users can swipe from the edge of their smartphone to bring up a search bar; one search brings up content from the web and installed apps at once. For example, if you search the name of a film, Evie provides access to purchase tickets through Fandango or to read reviews through Rotten Tomatoes or IMDB.
A recent Bloomberg report suggests that authorities in the United States are planning to issue criminal indictments targeting four individuals connected to the massive hacks against Yahoo users' accounts. Three of the individuals are said to be Russian. The source cited by Bloomberg said one of the suspects is being tracked down in Canada and the others are in Russia.
Yahoo's current CEO Marissa Meyer lost out on her annual bonus after an investigation determined that Yahoo had mishandled a 2014 hack that resulted in the theft of personal data from more than 500 million Yahoo user accounts. Yahoo was criticized for not disclosing information about the hack publicly until September last year.
Yahoo was judged by an independent committee which determined that the company's security team knew about the attack when it happened, according to a regulatory filing. Late that year, senior executives and some legal staff were made aware that "a state-sponsored actor had accessed certain user accounts" by exploiting an account management tool.
In the filing Yahoo said: "While significant additional security measures were implemented in response to those incidents, it appears certain senior executives did not properly comprehend or investigate."
To make matters worse, Yahoo disclosed another cyber attack in December last year that occurred in 2013, this time affecting more than a billion users. The disclosure of the massive hacks has affected Yahoo's deal with US telecoms giant Verizon, which is purchasing Yahoo's core internet business. Verizon demanded a $350 million discount after the hacks became public.
Yahoo's run as an independent company will now come to an end after 20 years, now that Verizon has agreed to purchase its core internet business for $4.48 billion. Yahoo is selling its main operating business as a way to separate it from its more valuable stake in the Chinese internet giant Alibaba, which will become a new entity and act as an investment company.
Yahoo still faces probes and lawsuits related to the massive hacks against its users' accounts affecting more than 1.5 billion, and the timing of the disclosures. US law requires companies that fall victim to such hacks to disclose them as soon as they are deemed to affect stock prices.
After revealing last year that over a billion of its users' accounts had been hacked in two separate occasions, Yahoo just revealed another hack, involving some 32 million accounts that have been accessed by intruders over the past two years.
Reuters reported that the accounts were compromised using forged cookies. Yahoo is said to be in disbelief that the accounts were accessed by the "Same state-sponsored actor believed to be responsible for the 2014 hack." About 500 million accounts were hacked in the 2014 attack.
"Based on the investigation, we believe an unauthorized third party accessed the company's proprietary code to learn how to forge certain cookies," said Yahoo in its latest annual filing.
In an effort to diffuse the situation, Yahoo announced that it would not award CEO Marissa Mayer a cash bonus for 2016 due to the findings of an independent committee's research into the 2014 security issues. The CEO has also offered to pass up any 2017 annual equity award due to the data breaches.
In September of last year, Yahoo confirmed that 500 million user accounts had been breached during a hack in late 2014. In addition, Yahoo announced in December of last year that another 1 billion accounts were accessed in a data breach that occurred all the way back in 2013.
All of the controversy is happening just as Yahoo is being acquired by US telecoms giant Verizon which is purchasing its core internet business. Because of the security concerns, Verizon revealed last month that it was cutting $350 million from its acquisition price bringing it down to $4.48 billion. The acquisition is expected to close in the second quarter of 2017.
Following the shocking announcement made by Yahoo last year that 1.5 billion of its users accounts were hacked on two separate occasions, Yahoo has slashed the price of its core internet business in the sale to US telecom giant Verizon by $350 million. Under the revised terms of the delayed deal, Verizon will now purchase Yahoo’s assets for $4.48 billion.
Yahoo is still in the midst of lawsuits related to the large cyber attacks against its users, which affected more than 1.5 billion people. The company announced in September last year that hackers in 2014 breached the accounts of more than 500 million user accounts stealing personal information. Then in December, Yahoo admitted to another cyber attacks which took place in 2013 affecting more than a billion users.
The terms of the revised sales agreement between Yahoo and Verizon now says that Yahoo will continue to cover the cost of a Securities and Exchange Commission probe into the breaches as well as shareholder lawsuits. However, Verizon will share the cost of government investigations and third-party litigation related to the hacks.
“We have always believed this acquisition makes strategic sense,” said Verizon executive vice president Marni Walden. “We look forward to moving ahead expeditiously so that we can quickly welcome Yahoo’s tremendous talent and assets into our expanding portfolio in the digital advertising space.”
Verizon is purchasing Yahoo’s main operating business which is a way for the dwindling internet company to separate from its more valuable stake in Chinese internet e-commerce giant Alibaba, in which it will become a new entity, renamed Altaba, Inc., and will act as an investment company. Yahoo’s deal with Verizon is expected to close by July, ending Yahoo’s more than 20 years as an independent company.
Following the massive hacks against its users, Yahoo is said to be ramping up security. Yahoo’s current CEO Marissa Meyer said last month that “approximately 90 percent of our daily active users have already taken or do not need to take remedial action to protect their accounts, and we’re aggressively continuing to drive this number up.”
The SEC has reportedly opened an investigation as to whether Yahoo should have informed investors sooner about the massive data attacks. The company boasted over a billion users in 2016, with more than 650 million of those people connecting from mobile devices. According to US law, companies that fall victim to large data hacks must disclose them as soon as they are deemed to affect stock prices.
Yahoo has revealed more details about the large hacks against its users’ accounts, saying hackers may have been able to user a maneuver to break into accounts without stealing passwords.
Last year Yahoo announced that an estimated one billion of its users had their accounts breached, which, according to Yahoo, involved forging of ‘cookies’ or files used to authenticate users when they log into their accounts.
The investigation into the hacks is in the final stage, AFP reported. Yahoo is said to be in the final stages of sending out notifications to the list of compromised account owners. A Yahoo spokesperson said the company was notifying all potentially affected users and said the forged cookies have been “invalidated”.
“As we have previously disclosed, our outside forensic experts have been investigating the creation of forged cookies that could have enabled an intruder to access our users’ accounts without a password,” said Yahoo in a statement. “The investigation has identified user accounts for which we believe forged cookies were taken or used.”
The company broke the news in September last year that in 2014 hackers stole personal information from more than 500 million of its users’ accounts. Yahoo then revealed another attack in December last year, this one dating back to 2013, which affected more than a billion users.
The data breaches have been a major setback for Yahoo which was a leading internet company, especially since it is currently in the process of selling its core operations to US telecoms giant Verizon for $4.8 billion. Following the disclosure of the hacks, reports say that Verizon and Yahoo have come to an agreement to discount the price by $250 million to $300 million.
Yahoo revealed on Monday, 23 January, that the closing of the $4.8 billion deal to sell its core internet assets to US telecom giant Verizon has been delayed several months. What’s more, the US Securities and Exchange Commission have opened an investigation into whether Yahoo should have informed investors sooner about its two major data breaches announced last year.
The US Securities and Exchange Commission is said to have requested documents from Yahoo in December 2016 concerning the two data breaches the company disclosed last year. According to US law, all companies that experience such hacks must disclose them as soon as they are deemed to affect stock prices – which Yahoo did not.
The company announced in September last year that hackers in 2014 had stolen data from more than 500 million of its users’ accounts. The company then announced in December another breach dating back to 2013, in which over a billion users had their data stolen.
The focus of the SEC’s investigation into Yahoo is to determine why it took Yahoo several years to reveal the 2013 and 2014 hacks, the Wall Street Journal reported. However, the SEC has not yet decided whether it will file a lawsuit against the company. The data breaches have been a huge embarrassment for Yahoo as it plans to sell its core internet business to Verizon – a deal that Yahoo recently announced is delayed.
The deal, which was originally set to close this quarter, has been pushed into the next quarter, AFP reported. The announcement came as Yahoo released its quarterly earnings figures that showed a profit of $162 million in the final three months of 2016. The company said in a release, “Yahoo has continued to work with Verizon on integration planning for the sale of its core business.”
Following the disclosure of the data breaches, Yahoo’s deal with Verizon is now in doubt – a deal which would end the company’s more than twenty years as an independent company. Yahoo insists that it is ramping up security to ensure that data breaches will not be an issue again. Yahoo CEO Marissa Meyer said, “Our top priority continues to be enhancing security for our users.”
Meyer added that “approximately 90 percent of our daily active users have already taken or do not need to take remedial action to protect their accounts, and we’re aggressively continuing to drive this number up.”
Today, everything is online. The internet is where people go to book flights, go shopping, complete banking transactions, socialize, and so much more. It has provided a world of profound convenience and happiness for people. The only downside is that we’ve become too comfortable with uploading sensitive information which has created a field day for data theft and identity hackers. For instance, Yahoo announced in September 2016 that a massive hack on its network in 2014 saw 500 million of its user’s data breached. Yahoo then announced in December 2016 another breach of more than one billion user accounts that occurred in August 2013, separate and distinct from the previous hack.
"Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry," California-based Yahoo said in a release after the announcement of its 500 million user breach. "Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account.”
What’s so troubling about Yahoo’s recent announcement is that the company’s chief information security officer, Bob Lord, said the company hasn’t been able to determine how the data from the one billion accounts was stolen. Lord wrote in a post: “We have not been able to identify the intrusion associated with this theft. The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”
The Yahoo incident highlights the vulnerability facing even the largest and seemingly most secure organizations around the world. Yahoo was reportedly alerted to the massive breach of accounts by law enforcement and is said to have examined the data with the assistance of outside forensic experts. The hacked data does not appear to include payment details or plaintext passwords, but it’s been reported that the hashing algorithm MD5 is no longer considered to be secured which is bad news for account holders.
The MD5 algorithm is a widely used hash function. The algorithm was designed to be used as a cryptographic hash function, but it has been found to suffer from “extensive vulnerabilities”. Some sources say the security of the MD5 has been “severely compromised” with its weaknesses having been exploited in the field.
The Yahoo hack shows just how seemingly innocuous bits of data obtained by cyber-attacks can be leveraged for profit and even potentially for espionage and information warfare. Yahoo’s breach is reportedly the largest on record.
John Dickson, from the security consultancy firm Denim Group, says while the Yahoo data breached by the cybercriminals is “a bunch of junk,” it still provides the opportunity to create a searchable database with information such as birth dates and phone numbers. For hackers seeking to make profit or commit industrial or state espionage, the personal data provides a world of opportunity.
Just look at the recent US presidential election hack for proof. One of the hacks was the Gmail account of Clinton campaign chairman John Podesta. Media reports said Podesta was tricked into revealing his password when he received a fake email. These kinds of attacks, according to security analysts, are often well-planned, and executed by gathering personal information from individuals, such as birth dates, passwords, etc – the very same information that was hacked from Yahoo’s users.
“If you’re trying to research and get information about a target, you’re going to use everything you can find,” says Dickson, who once was an officer at the Air Force Information Warfare Center. But what was the target of the Yahoo attack? Some believe that the Yahoo hack wasn’t necessarily financially focused. For instance, the Yahoo hackers did not collect credit card or social security numbers, which has led some analysts to the conclusion that there might’ve been motives other than money.
To make things worse, Yahoo is under intense scrutiny after admitting recently that some of its employees were aware of the theft of 500 million users’ data as early as 2014 – years before the company publicly acknowledged what had happened. In response to the breach, Yahoo reported that 23 consumer class action lawsuits have been filed in response to the breach. It is too early for the company to estimate monetary damages, but reports suggest that the hack has led to a loss of about $1 million so far.
Yahoo went into more detail about the hack in a filing in which it wrote, “In late July 2016, a hacker claimed to have obtained certain Yahoo user data. After investigating this claim with the assistance of an outside forensic expert, the company could not substantiate the hacker’s claim. Following this investigation, the company intensified an ongoing broader review of the company’s network and data security, including a review of prior access to the company’s network by a state-sponsored actor that the company had identified in late 2014.”
News of Yahoo’s breach has been tough for American telecom operator Verizon to swallow. Verizon officially agreed to purchase Yahoo Inc's core internet business for $4.8 billion in July 2016. Purchasing Yahoo's operations was expected to boost Verizon's AOL internet business, which it bought in 2015 for $4.4 billion, by giving it access to Yahoo's advertising technology tools as well as other assets such as search, mail and messenger.
But when news broke that Yahoo’s user information had been breached, Verizon reportedly asked for a $1 billion discount, which wasn’t disclosed until after the September sale even though Yahoo CEO Marissa Mayer allegedly learned of the breach in July. In a filing by Yahoo, it said it has formed an independent committee to review “the scope of knowledge within the company in 2014 and thereafter regarding this access, the Security Incident, the extent to which certain users’ account information had been accessed.”
The controversy surrounding Yahoo’s data breach plays directly into the paranoia inflicting the United States right now over cybersecurity concerns in the US election campaign and the potential impact of hacked email accounts from people close to Democratic presidential candidate Hillary Clinton. On October 7, 2016, the U.S. government formally accused Russia of trying to “interfere” with the American presidential election, and promised to respond at an undisclosed time and place.
Could data be weaponized as a new tool used by governments to execute specific foreign policy agendas? James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, a cybersecurity think-tank, said in a blog post, “Espionage and geopolitical manipulation can now be easily achieved through cyber and information warfare from any adversary.”
Scott added: "Now, at least China, Iran, Russia, and Venezuela have funded political propaganda campaigns that digitally weaponized information by spreading disinformation and polarizing content throughout Western nations.” Scott further noted that the breaches affecting Clinton and the Democratic National Committee were "dangerous because they provide a context-less release of information to the public that breeds distrust and resentment."
There are fears among experts that attackers could mix real data with manipulated information to distort facts, creating further confusion and mistrust. Security firm InfoArmor came forward in September to say its analysis of the first Yahoo breach indicated that “professional” hackers had stolen the data, and had later sold it to a “state entity”. The firm said that the breach “opens the door to significant opportunities for cyber espionage and targeted attacks to occur.”
With data breaches becoming more common around the world, leaders are stepping up to protect their nations from cyber-attacks. Outgoing US President Barack Obama recently called for a broad review to be conducted into the Russian hacking scandal. Meanwhile, Russian President, Vladimir Putin has approved a broad-ranging cybersecurity plan which is specifically aimed at bolstering the country’s defenses against cyber-attacks from abroad, while it will also be utilized for cracking down on perceived foreign influence.