Archive for Yahoo

Those Who Got Pwned In Yahoo Data Breaches Can Sue Says US Judge

Posted in Commentary with tags on March 12, 2018 by itnerd

This isn’t good news if you’re Verizon who now owns Yahoo. I say that because the company has been ordered by a federal judge to face much of a lawsuit in the United States claiming that the personal information of all 3 billion users was compromised in a series of data breaches:

In a decision on Friday night, U.S. District Judge Lucy Koh in San Jose, California rejected a bid by Verizon Communications, which bought Yahoo’s Internet business last June, to dismiss many claims, including for negligence and breach of contract. Koh dismissed some other claims. She had previously denied Yahoo’s bid to dismiss some unfair competition claims.

[…] The plaintiffs amended their complaint after Yahoo last October revealed that the 2013 breach affected all 3 billion users, tripling its earlier estimate. Koh said the amended complaint highlighted the importance of security in the plaintiffs’ decision to use Yahoo. ‘Plaintiffs’ allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System,” Koh wrote. She also said the plaintiffs could try to show that liability limits in Yahoo’s terms of service were “unconscionable,” given the allegations that Yahoo knew its security was deficient but did little.

I’m pretty sure that if you factor in the number of people who were affected by this pwnage and the potential cash that could be extracted from Verizon, this is going to get settled out of court pretty quickly. Because fighting and losing is going to get expensive in a hurry and even Verizon doesn’t have that kind of cash. The question is, how long will that take to happen.


Yahoo Hacker Pleads Guilty

Posted in Commentary with tags on November 28, 2017 by itnerd

The Canadian behind the Yahoo hack has decided to plead guilty. Karim Baratov served up a guilty plea in court today and he’ll be back to face sentencing on Feb. 20th. But his lawyers have a spin on this:

Outside court Tuesday, Baratov’s attorneys said their client hacked only eight accounts and did not know that he was working for Russian agents connected to the Yahoo breach. Baratov was arrested in Hamilton, Ont., in March and later agreed to forgo an extradition hearing and face the U.S. charges.

“He’s been transparent and forthright with the government since he got here,” said one of his attorneys, Andrew Mancilla.

We’ll see about that. I’m sure US officials see things differently. But seeing as they can’t get the two Russians accused of pwning Yahoo along with Baratov, you can be sure that they’ll throw the book at him early next year.

Yahoo And Equifax Apologize To Congress For Being Pwned In Epic Fashion

Posted in Commentary with tags , on November 8, 2017 by itnerd

Equifax and Yahoo are two companies that have been pwned in spectacular fashion over the years. And in both cases, they really haven’t fully stepped up to take responsibility for that pwnage. Today both Marissa Mayer who is the ex-CEO of Yahoo and Richard Smith who is the ex-CEO of Equifax along with current CEO Paulino do Rego Barros, Jr. were in front of Congress today in the public flogging known as a Congressional Hearing to say “sorry”:

Mayer opened her testimony with an apology, pointing out that Yahoo had been hit by a sophisticated attack from Russian hackers, one that even the best security couldn’t have stopped.

“These thefts occurred during my tenure, and I want to sincerely apologize to each and every one of our users,” Mayer said.


Equifax’s interim and former CEO apologized for the company’s failures and touted all the tools it’s offered to victims affected by the breach. That includes a credit-monitoring app that will be available in January and free credit locks from the company.

“We did not meet the public’s expectations, and now it’s up to us to prove that we can regain their trust,” Barros said.

However, sorry doesn’t cut it with Congress. When mid-term elections are a year away, it REALLY doesn’t cut it as evidenced by this:

Seemingly unsatisfied by most of the solutions offered by the company—beefing up their security and improving customer relations—Sen. Nelson insisted more work was required. “It’s going to take an attitude change among companies such as yours, that we’ve got to go to extreme limits to protect our customers’ privacy.”

Well no kidding. I’ve said for a while that if a company gets pwned and data gets stolen, the company must face some sort of penalty that not only severely hurts the company in question, but sends a message to other companies that pwnage is not acceptable. The question is, will that actually happen. I guess if you’re American, it’s time to call your Congressman and Senator to make sure it does because the next epic hack will happen unless companies are forced to beef up their defenses.

Verizon To World: Every Yahoo Account Was Pwned

Posted in Commentary with tags on October 3, 2017 by itnerd

I wonder where ex-Yahoo CEO Marissa Mayer is right now because I suspect that about three billion people want to know why she didn’t let the world know that every Yahoo account got pwned in that hack on Yahoo a few years back:

Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft. While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts. The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement.

If you still have a Yahoo account, now would be a really good time to follow the instructions on the email that you’re going to get. Or you can close the account seeing as it’s been pwned for years without your knowledge. The choice is yours. While new owners Verizon would prefer that you keep the account. I don’t think you should.

Yahoo Takeover By Verizon Closes… Mayer Resigns With Millions In Her Purse

Posted in Commentary with tags on June 14, 2017 by itnerd

It’s official. Yahoo has been swallowed up by Verizon, and as part of that Marissa Mayer is leaving her post as CEO of what used to be called Yahoo. But is now called Oath which is now run by Tim Armstrong, former chief executive of AOL. Mayer posted a Tumblr post with her thoughts on her departure:

Looking back on my time at Yahoo, we have confronted seemingly insurmountable business challenges, along with many surprise twists and turns. I’ve seen our teams navigate these hurdles and mountains in ways that have not only made Yahoo a better company, but also made all of us far stronger. During these past 5 years, we’ve built products that delight our users, focused on our clients’ businesses, driven substantial value for our shareholders, and endeavored to make Yahoo the absolute best place to work. I want to take a moment to remind you of some of our many achievements together. They are remarkable, and we should all be very proud.

Chances are that she won’t have to look for a job for a little while. I say that because she pocketed $23 million in severance which is not exactly chump change. Nor is the fact that if you factor in her stock holdings in what used to be called Yahoo, she leaves with $236 million according to CNN. Not bad considering what a gong show Yahoo has been over the last few years with failed attempts to make itself relevant again, and getting pwned by hackers multiple times. I wish I could fail like that and get that sort of payday.


#EpicFail: Mayer’s Golden Parachute From Yahoo Is $186 Million

Posted in Commentary with tags on April 25, 2017 by itnerd

So… Yahoo CEO Marissa Mayer has managed to ensure that when the Verizon buyout of Yahoo is finished in June, that’s she’s going to score a ton of cash before being shown the door. How much cash? Here’s what The New York Times has to say:

Her Yahoo stock, stock options and restricted stock units are worth a total of $186 million, based on Monday’s stock price of $48.15, according to data filed on Monday in the documents sent to shareholders about the Verizon deal.

Oh… But it gets better…. Depending on your point of view of course:

That compensation, which will be fully vested at the time of the shareholder vote, does not include her salary and bonuses over the past five years, or the value of other stock that Ms. Mayer has already sold. All told, her time at Yahoo will have netted her well over $200 million, according to calculations based on company filings.

All together now… Whiskey Tango Foxtrot? This is a woman who has presided over one of the biggest epic fails in American corporate history. And that was before Yahoo got hacked multiple times. How she manages to walk away with this much money is mind boggling. And it beats the millions that Mark Hurd was given to quit his job as CEO of HP after allegations of either sexual harassment or an “inappropriate relationship” with an HP employee that was tied to inaccurate expense reporting that likely covered up the former surfaced.

If I had Yahoo stock, I’d be royally pissed right about now.

Feds Identify Four Perps In Connection With Yahoo Hacks

Posted in Commentary with tags on March 15, 2017 by itnerd

According to a report by Bloomberg, four people have been identified in connection with the hacks of Yahoo. Three are Russian. One, in a moment of national shame for me, is apparently Canadian and he or she is under arrest:

U.S. officials are planning to unseal charges against four people, including two linked to the Russian intelligence service, related to the hacking attacks against Yahoo! Inc., according to a person briefed on the matter.

The Justice Department is accusing them of participating in massive online security breaches that compromised hundreds of millions of user accounts, said the person, who asked not to be identified because it was a sensitive legal matter. The hacks came to light last year and threatened to derail the sale of Yahoo’s web operations to Verizon Communications Inc.

One of the people was arrested in Canada Tuesday and was scheduled to appear in court Wednesday for an extradition hearing, according an officer with the court in Hamilton, near Toronto. Additional details weren’t immediately. Three of the suspects are believed to be in Russia, according to the person. Representatives of Sunnyvale, California-based Yahoo and the Justice Department declined to comment.

So this case has taken an interesting turn as it looks like these hacks were state sponsored. That’s going to be a concern going forward as it is now clear that whether you’re a government or a corporation, you have to consider those actors as well as the 12 year old living in their mother’s basement.

UPDATE: There are many more details on this story now coming to light which make for a very interesting read. For that, I would direct you to this story. Also of note, Marissa Mayer who is the CEO of Yahoo who was clearly asleep at the switch when these hacks occurred had this to say on Twitter: