Cyber Security and Risk Management
This case study is about the cyber-attack that Yahoo! Inc. suffered.
Yahoo! Inc. is one of the largest web services providers in the world. The company was founded in 1994 by David Filo and Jerry Yang, is owned by Verizon Media Company, and is headquartered in Sunnyvale, California. Yahoo! Inc. has 8,900 employees. The major web services the company provides to its users include communication services through Yahoo Mail and Yahoo Messenger. It also offers content through products such as Yahoo Games, Yahoo Answers, Yahoo News, Yahoo Weather, Yahoo Movies, Yahoo Music, Yahoo Finance, and Yahoo Sports, and it offers branding services to web-based companies. It offers mobile communication services through Yahoo Mobile, where users can get access to mobile blogging, instant messaging, and email services. Yahoo is also a versatile company and offers advertising services as well as platforms for building small businesses such as online retail stores through Yahoo Store, Yahoo Business Mail, or Yahoo Merchant Solutions. With all these products and services, the company attracts numerous users. Given the company's capabilities and the number of users it serves, it is evident that a cyber-attack on Yahoo! Inc. could be devastating to millions of its users.
In line with this, Yahoo! Inc. was breached by a cyber-attack in the year 2014. The type of cyber-attack that occurred was identity theft. The attack was not detected early enough: it was discovered two months after it had taken place, when a user of the Yahoo Mail product reported that some of the data he had saved in the mail cloud was missing (Dustin, 2016). Upon following a strict trail on the complaint, the company found out that the whole company had indeed been attacked. The cyber-attack had a huge impact on the company, and CEO Marissa Mayer termed it the largest and most massive hacking of individual data directed at a single company (Dustin, 2016). The cyber-attack led to the hacking of over 500 million user accounts. According to a report released by Marissa Mayer, personal information was stolen from the affected accounts, including passwords, telephone numbers, home addresses, dates of birth, national identity card numbers, and names, along with other documents that users had stored in their clouds and drives, including medical records and details of their insurance covers. Moreover, bank details for over 70 million users were stolen. The number, however, was never proved accurate.
The company responded to the attack by first suspending all the affected accounts so as to ensure that the worm, which was used to hack into other accounts, did not continue to spread. Then it terminated over 200 million passwords and usernames of accounts that had been sold during the year 2013 by the hacker “Peace”, since the company believed the accounts may have been used to gain access to the servers and eventually to the personal information of the main user accounts (Dustin, 2016). Moreover, the company suspended the passwords of all users and sent them links through which to reset their account passwords. This was another way of flushing out the attacker’s worm. As soon as this was over, it started a legal investigation, since it believed the attack was state-sponsored. The company worked with the government on the same. The hack not only led to the loss of users' personal information and details, but also tarnished the name of the company. Statistical reports have it that, from 2014 to 2015, out of the 500 million users who had lost their information, only 35% recreated other accounts with Yahoo! Inc., while others left the company and joined other companies, including Google Inc., which offers the same services (Ali, 2017).
Due to the attacks, financial reports of Yahoo! Inc. show that it lost $1.23 billion in the second quarter of the 2014 financial year. This was because most affected users quit the company, which led to a drop in the number of accounts. As a result, advertisers also reduced and the company ran into a loss as its profits dropped and its operating costs increased, especially given that the maintenance costs of curbing the attack were included. It was due to this that the company laid off 15% of its workforce in the year 2015, so as to reduce costs and stabilize the profit margin. To mitigate future attacks, the company changed its processes. First of all, it doubled the size of its internal security staff and put $260 million into security initiatives (Ali, 2017). It also added a feature that lets users see who has logged into their account remotely and log them out, along with access to password authentication via a third party. The company also installed numerous firewalls to prevent any form of hacking and at the same time enable its users to manage their accounts offline. All these changes in processes have so far helped in curbing identity theft cyber-crime in Yahoo! Inc. from 2014 to date (Thomas, 2016).
As a business manager, I totally know what it feels like when a customer or a client loses trust in one’s company. They will always tell other people what happened to them and what the company is not capable of doing, and that is: keeping the information of their clients safe. This makes the company lose clients, and when this happens, profits drop, and since the operation costs are constant, the company will definitely run into losses. Basing this concept on the case of Yahoo! Inc., therefore, I would advise that the company should come up with anti-virus software which they can send to their users via their accounts. Upon installation, the software will act to prevent any phishing incident and hence prevent hackers from accessing their personal information (Davis, 2013). The cost of building this software will be an added cost, but the returns are profitable. The other recommendation is that the organization should always have back-up servers containing information of their users so that in case they are stolen, the users can still retrieve their information. To better support the IT department, they should first train their technical team, then financially reinforce the IT departments so that they can purchase stronger software and firewalls which are able to detect any work which might cause identity theft crime.
Concluding this discussion, it is evident that cybersecurity breaches have risen in the recent past, with identity theft hitting most huge companies like Yahoo! Inc., as explained in this paper. It is, therefore, high time that companies invest a lot in ensuring that their systems are malware-proof and installed with the latest and updated anti-virus software, which can help detect any form of breach at a faster rate.
* Ali, B. (February 2, 2017). Yahoo reveals new details about security. The Hill Press. Retrieved on February 3, 2019, from https://thehill.com/policy/technology/321052-yahoo-reveals-new-details-about-security
* Dustin, V. (September 22, 2016). Yahoo says hackers stole data from 500 million accounts in 2014. Reuters. Retrieved on February 3, 2019, from https://www.reuters.com/article/us-yahoo-cyber/yahoo-says-hackers-stole-data-from-500-million-accounts-in-2014-idUSKCN11S16P
* Davis, E. S. (2013). A worldwide problem on the World Wide Web: International responses to transnational identity theft via the Internet. Wash. UJL & Poly, 12, 201.
* Thomas, B. (September 22, 2016). Yahoo Admits 500 Million Hit In 2014 Breach. Forbes. Retrieved on February 3, 2019, from https://www.forbes.com/sites/thomasbrewster/2016/09/22/yahoo-500-million-hacked-by-nation-state/#64bacfab6dcb