Analysis of Yahoo Incident - Case Study Example

Student Name: Tutor: Title: Management Communication Essay Course: Management Communication Essay Introduction This essay identifies a major business incident that occurred at least two years ago and provides an analysis of the way the affected company handled the issue using various theories that have been covered in the unit. This essay looked at the historic data breach that was realized at Yahoo where personal information of clients was stolen by hackers and sold them to third parties. Although the hacking had happened in 2014 it was only realized in 2016 July but the company took another two months before letting its customers know about the incident. How Yahoo handled this incident elicited mixed reactions from people and showed some laxity in the company with regard to securing client’s information. This essay reviews events leading to this breach and how the company handled the incidents through various communication channels. Discussion In July 2016 Yahoo! Inc. got a report of an anonymous hacker who claimed to have two-hundred and eighty million user account credentials for sale on black market. The initial investigation established that there was no evidence to back this claim according to people involved in the investigation (Olenick, 2016). Such claims were common. Yahoo conducted thorough investigation, piece by piece and the company came out with evidence of even a bigger breach. Earlier the following week the individual said there was adequate evidence to present to Verizon Communication Inc., which had agreed to purchase web assets for Yahoo for $4.83 billion on July 25 (Moore, 2016). The person asked for anonymity in order to discuss internal findings. Yahoo released a statement the following Thursday where it shared the news with its users as well as the entire world. It was revealed that the personal information of at least 500 million users on its accounts from 2014 exposing a broad swath of its roughly one billion users. Yahoo said that the attacker was a state-sponsored actor and the information stolen included names, phone numbers, e-mail addresses, date of births, encrypted passwords as well as encrypted security answers and questions (Thielman, 2016). Passwords were taken in a form that prevented their immediate re-use and the company believed that financial information in the possession of the company remained safe. Yahoo confirmed that a major cyber attack had happened where data from 1 billion user accounts was compromised in 2013 making it the biggest breach in history. The company disclosed the breach in September after the attack had happened in July. The company claimed that unauthorized party broker into accounts in the statement that it released within its website (Olenick, 2016). Yahoo claimed that the hacks were connected and somehow ‘state-sponsored’. Yahoo Chief Information security officer said that the hackers ‘forged cookies’ which refer to bits of code that remain the user’s browser cache in that a website will not need a login for every visit. The cookies made it possible for an intruder to gain access to the accounts of users without using a password through misidentifying anyone making use of them as the owner of the email account. The chief security officer, Bob Lord, said that the breach is closely related to theft of property code of Yahoo (Womack, Robertson & Riley, 2016). The company had suspected the breach in November when law enforcement came to the company with what a third party claimed to be user data and Lord suspected that the data included forged cookies. Brian Krebs, a Security researcher the years claimed that he had urged family and friends to stop using Yahoo mail since he had watched over the years that the company was lagging behind in blockage of spam as well as other email-related attacks. He reiterated that he still remained firm about this recommendation (Mendelsohn, 2016). After Yahoo made public the security breach in September 6 senators in the United States sent a letter to Yahoo asking the company to reveal in detail what exactly when it had learnt about the intrusion. The senators were disturbed that the comprising of user information first happened in 2014 and the company only revealed the breach in September of 2016. The six senators found the revelation that millions of Americans’ data had been comprised for a period of two years to be totally unacceptable. Yahoo was being acquired by Version for $4.8 billion but the sale has been a challenging one (Womack, Robertson & Riley, 2016). In October of 2016 a report indicated that the company had cooperated with NSA for enable scanning of emails of users for keywords on behalf of the agency. A lawyer representing Version, Craig Silliman, revealed that the September breach had definitely damaged the value of Yahoo and suggested that the damage has to be reflected in the quoted buying price. The lawyer asserted that the damage was material and looked forward to Yahoo to illustrate the full impact to them. If the impact had no any impact according to Yahoo the lawyer said they had to demonstrate so. The passwords were MD5-enrypted hence making the hackers to easily decrypt them by use of MD5 decrypter that is available online therefore making Yahoo vulnerable to hackers (Cox, 2016). Email breaches are traumatizing to users since they can reveal family and bank details together with passwords that users go ahead to share between systems or have received within their email accounts. The sharing of password has become very rampant in that databases of login information are usually used by hackers to test for password-and-email combinations on retail websites like Amazon or Wal-Mart (Thielman, 2016). Yahoo said that Bank account and payment card data were not stored within the system that is believed to be affected. Yahoo notified all users affected by the breach and asked them to change their respective passwords. Yahoo had other assets apart from the popular webmail service. Other properties included photo-sharing site Flickr, blogging platform Tumblr, and Yahoo Finance. The communication strategy was faulted by many people after the revelation of the historic data breach in 2016. Firstly, it took the company a period of two years to realize a security breach had happened. This worrying for the account users who realized that the accounts were not foolproof and third parties were accessing their personal information and selling on the dark net (Mendelsohn, 2016). However, disclosing a breach is one of the processes driven majorly by legal departments of companies which assess state laws on what should be disclosed. This is very challenging when dealing with sophisticated adversaries who can easily delete records while inside Yahoo network. The delay in the discovery as well as reporting could be termed as common but the size of the breach was enormous. It is very easy to miss initial intrusion and inability to identify a huge leak of prized assets is uncommon. The first report about the breach denied there being such an incident but only to reveal the breach after a thorough check in September. The breach was realized in July but Yahoo took another two months to let its account users to know about the incident. When a hacker going by the pseudonym Peace uploaded 200 million Yahoo credentials on the marketplace called The Real Deal for 3 Bitcoins Yahoo admitted that that they were aware of the potential leak but could not confirm the data authenticity (Khandelwal, 2016). This shows that the company was not swift enough to confirm the incident that had happened in the last two previous years. It took the company two months to reveal the breach in September when the breach had been realized in July. Delaying in communicating such crucial information adds to the worry that users have about their information on any Yahoo platform (Pearson & Nelson, 2000). The users should have notified earlier once the breach was realized in order for them to change their passwords or advised on other security measures to undertake to secure their personal information that could be used by hackers on retail websites like Amazon. In communication it is important to communicate well in order to inspire confidence in the clients. The clients should have been the first people to know about the breach before even the information leaked to the press. Yahoo took a lot of time to engage the clients but by then they had all kinds of versions of the incidents from third parties who are bound to cast aspersions about what really happened (McLean, 2005). The company did not help the clients by withholding information concerning the incidents. While Yahoo maintained that it was not a major breach, it went ahead to encourage clients to change passwords hence signifying the enormity of the problem. The primary source of the message for the clients should have been the company in order to increase their trust concerning the safety of their personal information (Pearson & Nelson, 2000). The message from Yahoo should have been directed towards the clients about the safety of their personal data. Once the company first denied about there being a breach it made the clients to doubt the competence of the machinery concerning the safety of their information. The channel of communication was poor since the company put the information on its website and some of the clients may not have seen the message first hand (Hern, 2016). It was horrifying for some of the Yahoo users to learn about the breach on other media channels. Yahoo should have made sure that clients have learnt about the breach from its sources and no any other channel. It is unfortunate that the breach was realized when the company was being bought by another company hence the issue became sensationalized in the media and other reporting channels. It is the responsibility of the company to be in charge of any communication to the clients and should not allow third parties to pollute the minds of the users by giving dramatic events that may not be necessarily true (Hern, 2016). There is a lot of interference if information channels are not controlled or carefully chosen. When a crisis happens, a company must be prepared and have someone special to act as the spokesperson who will rely the information to the media and other members of the public. Yahoo was not prepared and clients got information from multiple sources hence increasing their worry about their stolen personal information. Having a prepared communicator is important. Yahoo did not provide technical details in their report of how exactly the data was extracted hence it was not possible to credible assess the state sponsored claim (Pearson & Nelson, 2000). State-sponsored allegations are often used to point to surreptitious and sophisticated means of data exfiltration. It was not clear how the passwords were protected by the company. The data breach also brought about a strong challenge with security questions that involves users resetting their passwords through answering questions about mother’s maiden name or their first house. It emerged that Yahoo did not encrypt all security questions in their possession and some were just readable in plaintext. The communication channel used by the company was poor and it was not easy for Yahoo to persuade its users about the safety of their personal data (McLean, 2005). Putting the information on the website instead of reaching to the users personally was not wise. Conclusion This essay had discussed events surrounding the data breach that was realized at Yahoo in July 2016 when it has actually occurred two years before. The two year lapse is worrying since it was enough time for the hackers to use personal information of users to their advantage. The company only realized the incident in July 2016 but let it public two months later in September. During this historic breach Yahoo did not conduct its communication with the public and clients effectively. Despite denying the incident at first, the company later established a data breach had happened as users’ personal information stolen. This incident shows how communication is important during crisis in order to low tension and anxiety of clients and stabilize the company’s shares in the stock marker. The incident points out important procedure that companies have to follow to ensure that they communicate the desired message to clients and the market in the most effective way possible. Effective communication is very important in every circumstance. References Cox, J., August 1, 2016, Yahoo ‘Aware’ Hacker is advertising 200 Million supposed accounts on Dark Web, Motherboard, retrieved from: https://motherboard.vice.com/en_us/article/aeknw5/yahoo-supposed-data-breach-200-million-credentials-dark-web Hern, A., September 23, 2016, Yahoo faces questions after hack of half a billion accounts, The Guardian, retrieved from: https://www.theguardian.com/technology/2016/sep/23/yahoo-questinos-hack-researchers Khandelwal, S. August 1, 2016, Hacker selling 200 Million Yahoo Accounts on Dark Web, Hacker News, retrieved from: http://thehackernews.com/2016/08/hack-yahoo-account.html McLean, S. 2005, The basics of interpersonal communication (p.112). Boston, MA: Allyn & Bacon. Mendelsohn, T., August 3, 2016, Yahoo investigating claimed breach and data dump of 200 million users, ARS Technica UK, retrieved from: https://arstechnica.com/security/2016/08/yahoo-email-data-breach-dump/ Moore, M., August 2, 2016, Millions of Yahoo users details for Sale on Dark Web-are you at risk? EXPRESS, retrieved from: http://www.express.co.uk/life-style/science-technology/695708/yahoo-accounts-hacked-for-sale-dark-web-peace-hacker Olenick, D., 2016, Hacker ‘Peace’ purportedly selling 200 million Yahoo user credentials on dark Web, SC Media US, retrieved from: https://www.scmagazine.com/hacker-peace-purportedly-selling-200-million-yahoo-user-credentials-on-dark-web/article/529976/ Pearson, J., & Nelson, P., 2000, An introduction to human communication: Understanding and sharing (p. 133). Boston, MA: McGraw-Hill. Thielman, S. 15th Dec, 2016, Yahoo hack: 1bn accounts compromised by biggest data breach in history, The Guardian, New York. Retrieved from: https://www.theguardian.com/technology/2016/dec/14/yahoo-hack-security-of-one-billion-accounts-breached Womack, B., Robertson, J. & Riley, M. Sept. 24, 2016, Yahoo Tipped off to Hack by report of Data Dump on Dark Web, Bloomberg Technology, retrieved from: https://www.bloomberg.com/news/articles/2016-09-23/yahoo-tipped-off-to-hack-by-report-of-data-dump-on-dark-web Read More