SYSTEM INTRUSION DISCUSSION 1

SYSTEM INTRUSION DISCUSSION

Name

Institution

Instructor

Course

Date
SYSTEM INTRUSION DISCUSSION 2

Yahoo Data Breaches

In 2013 and 2014, yahoo, currently known as Altaba faced what would be the biggest

breach in the history of public companies. The attack that compromised about three billion user

accounts was announced in December 2016, still making the company the first publicly traded

company to be fined $35 million by SEC for failing to disclose the attack. The attack in 2014,

believed to be state-sponsored compromised telephone numbers, dates of birth, email addresses,

real names, and security numbers for about 500 million users. In 2016, the company disclosed

another breach that occurred in 2013 that compromised about 1 billion user accounts. The attack

propagated by a different user compromised dates of birth, email addresses, security questions,

names, addresses, and passwords linked to the user accounts. After the revision in 2017, about 3

billion user accounts have been compromised. The announcement of the original 2013 breach

was badly timed. The company was in the process of being acquired by Verizon in which yahoo

was paid about $4.48 billion for yahoo’s core internet business. The data breach resulted in about

$350 million in company value loss (Thielman, 2016).

It was unfortunate that the company failed to issue a sweeping statement expected to give

public reassurance that the company was remitted to cybersecurity in a meaningful way.

However, security notices first sent to yahoo users in September 2016 and October 2017 were

posted on the company brand website. The emails sent did not request users to click any links,

download any attachments or ask for personal information. Avoiding this was a notice yahoo

was giving to its users to differentiate legit emails and attempts to steal personal information

according to Thielman (2016). Most importantly, the company went the extra mile to develop

three strategies to prevent future attacks. The first strategy was to stop invalidated unencrypted

security questions and answers. The second one is to continuously enhance the systems to detect
SYSTEM INTRUSION DISCUSSION 3

and prevent unauthorized access and lastly, was to require all affected and unaffected accounts to

change their passwords. To aid the recovery process, the company also promised to work with

the US intelligence during the investigation. Verizon Inc., which is part of yahoo also promised

to spend about $306 million to improve yahoo’s security on the internet.

SYSTEM INTRUSION DISCUSSION 4

References

Thielman, S. (2016). Yahoo hack: 1bn accounts compromised by biggest data breach in history.

The Guardian, 15, 2016.

Yahoo help. (2017). Yahoo security notices | Yahoo help - SLN27927. Retrieved March 14,

2021, from https://help.yahoo.com/kb/sln27927.html?

guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuY3NodWIuY29tLw&guce

_referrer_sig=AQAAAJpy1_SaKryTAL-xzCxNJm01EPIUnC-tVdpHey5hb--

t5NTKpfyjscRsty5FZiNB8VjLFruFep-smeJhSeYiWeqvhqS3K-

sx63eu7m4iQa37c8pf3DM6KyrXHHZm1djob8AnNRvbv5z2euHXr3sVrUeP_BRNMlZ

eEMgXsMXLzNIp