Yahoo - Incidents of Hacking - Case Study Example

YAHOO Student’s Name Institutional Affiliation Yahoo is one of the world’s leading social platforms with over a billion users. The American multinational technology giant has its headquarters in Sunnyvale in California. The company was started in 1994 by Jerry Yang and David Filo who later incorporated it in March 1995. Yahoo was also among the first social platform to use the internet (Manber, Patel, and Robison, 2000). The platform offers other services like Yahoo!Mail, Yahoo!News, Yahoo!Finance, Yahoo!Groups, Yahoo!Answers, online mapping, and video sharing. Currently Yahoo boast of being the highest-read news and media website (Kahraman, 2008.). Several theories can be used to explain how the hackers are always successful despite the ever increasing cyber security. Professor Douglas McGregor suggested two theories: theory X and theory Y which explain how the workplace environment may contribute to workers getting involved in such incidents. The theories were based on Maslow’s hierarchy of needs and give possible solutions. The company is thus trusted by many people throughout the world who share private information online. The huge number of confidential information that Yahoo has makes it a frequent target for hackers who have succeeded on several occasions. According to Joseph (2016), when such an incident occurs the company surfers’ huge losses, and drastic measures have to be undertaken to safeguard the privacy of their clients.In July 2016, Yahoo was hacked and over 200 million accounts were on sale on a dark net market site. The hacker who was identified as ‘Piece_of_Mind’ claimed to have had the information for quite a while (Trautman and Ormerod, 2016). In December 2016 Yahoo carried out an investigation with its outside analysts and confirmed that an intrusion had occurred and there was a possibility of a data breach. The company had invalidated cookies in an attempt to cut off the intruders. The hackers had been able to access the system by logging in as Yahoo users but without using passwords. The incident has been described as the worst in the history of the internet (BBC 2016). In December 2016 all the users had to change their passwords and answer a security question which was encrypted and known only to them. According to Professor Douglas McGregors’ theory X, some of the workers of Yahoo get dissatisfied with the company’s policies and also the authorities hence when their attempts to get better conditions fail, they may resort to selling confidential information in the dark webs. Similarly, according to Irwin Altman and Dalmass Taylor who articulated the social penetration theory, which described how some of the employees might move from the superficial talking to the revealing talk. Some of the hackers might have interacted with the employees of the Yahoo and thus ending up revealing some of the important information of the company. This might have helped the hackers in getting access to useful information of the Yahoo and hence enabling them to hack it. (Perlroth, 2016) .According to the social penetration theory, the people who are interacting tend to go from intimate conversations as trust develops gradually as a result of the positive interactions and thus ending up disclosing information and their secrets. According to the predicted outcome value theory, the hackers through their interactions with the employees of the Yahoo, they might have learned how to maximize their interaction with them that will help them in their objectives of breaching the company. Some of the hackers can access the data as fake security agents pretending to be investigating highly classified cases. For instance, in 2017, Yahoo had to caution some of its users about a breach that had occurred, and there was a possibility that information from their accounts had been accessed. The hackers had forged cookies and used them to retrieve data from Yahoo database as law enforcement agents. The company quickly alerted the security agencies who were able to get the list on sale on a dark web. The information was being sold for about $300,000, and the buyers were also identified. The people who are most targeted are government officials, military personnel and most foreign offices (Castelluccio, 2017). Some of the workers of Yahoo are at times very ambitious and self-directed, they thus work very hard to get appreciated for the good work to build their self-actualization. When their efforts are not recognized, the workers may, in turn, chose to work with outsiders giving them access to the Yahoo servers. This explains how some of the hackers can forge cookies that give them access to very classified personal information (Lee, 2006). The uncertainty theory states that we tend to know more of the people we know through the interactions than those people we don’t know. The more the hackers get to know about the employees of the Yahoo then the better way they learned of how they could the company easily. Yahoo notified the government of the risk that most of its servants were in and recommended a change in policies to keep key government officials as low-key as possible. These included the discouraging of key targets from posting their personal and professional lives online. This is because Yahoo did not have the authority to investigate some of the cases as part of their policies did not allow them. Yahoo could only protect the users from active attacks but since sometimes the breaches are discovered when it is too late, and the information has already been posted only, it is impossible to reverse the situation. Also according to their Verizon buyout, Yahoo is not in a position to launch serious investigations on any classified case (Perlroth 2016). According to Gestalt theory which states that through interactive communications, people can perceive things concerning the people they interact with. This includes their ideas, and thus the hackers through their communications with the employees of the Yahoo enabled them to perceive the companies ideas easily and thus helping them largely in the breaching of the company. The CEO of Yahoo, Kamarov warned its users about the possibility of their other accounts being hacked too using the information breached from Yahoo. The attackers are usually very experienced and could easily use the information to lure unsuspecting users into revealing other sensitive information. The information is then put on dark websites where it can easily be used for malicious purposes. Once the information has been hacked, it usually takes a while to remove it from the dark webs. Thus the information can still be used to hack other accounts even after the users change the login details. Most people also believe that countries such as Russia and China could be involved in the security breaches (McMillan, 2016). Such allegations usually cause diplomatic strains among the states and suspicion also brings a lot of tension. Yahoo always tries to dismiss this claims considering the seriousness of such allegations as it could lead to war (Cox, 2016). Concerns by many foreign governments have also been raised on the breeches. The European Union, for instance, raised concerns that the US government was also accessing classified information on Yahoo illegally. As a result, Yahoo has to communicate whenever a breach occurs to other foreign countries and ensure that every upcoming national data protection is in accordance with the countries laws. Fain and Pedersen (2006), states that the company assured all its users that their privacy was protected and that no one could access it without their consent. The company denied accepting requests from the US government to leak personal information about people. The Data Protection Commissioner started applying more strict measures on Yahoo to ensure that Yahoo was truly concerned about ending the breaches and not just covering them up (Ruth, 2016) The German Federal Office for Information Security warned other countries about Yahoo claiming that Yahoo was not to be trusted and even encouraged people to use other email services that were more security. Yahoo had a hard time explaining to its many users that it was legit and had a connection to dark webs. Critics even from the government side could believe this and insisted that federal laws be implemented to ensure that those involved in the act were prosecuted. Yahoo was also condemned for covering up breaches for years until it is too late. As a result, the company ensures to inform its clients of any security breach as soon as possible to minimize the chances of them suffering more hacks in their other accounts (Joseph, 2016). Yahoo top officials have to ensure that they fulfill all their obligations under federal security laws by disclosing breaches and not covering them up. According to Manber, Patel, and Robison (2000), Mark Warner demanded the evaluation of Yahoo executives to ensure that they could be trusted. To show their dedication towards safeguarding their clients’ privacy, Yahoo hired Stamos in 2003 to be their chief information security officer. However due to internal conflicts with claims of the company not providing the necessary finances required for the team to run, Stamos and his team left Yahoo (Kahraman, 2008). The hacking of the Yahoo account was so unfortunate that the company at all cost the company had to sit down and draw measures to ensure that such incidents do not occur in the future. This is because the data breaching that had been done to the company was thus the accounts for the Yahoo had been stolen. Yahoo had to even urge its users to change their passwords and their security questions due to the danger that their accounts were being subjected to. They were also urged to change their security questions as they would also be in a risk due to the breaching that had been done. The security of the users of the yahoo company had to be assured to them in the future and to prevent any types of breaching or hacking in the future. The company handled the breaching and the measures they put in place to prevent any occurrence of such in the future as follows. According to Ruth (2016), Yahoo had to work with the law enforcement firms to ensure that they learn more about the breaching. Yahoo had to learn all the possible ways of hacking that were possible to their company and thereafter learn ways of preventing these types of hacking that could be possible to their company. Yahoo had to specifically work with the FBI agents who were experts in determining the different types of breaches as well as the process of how they occur and the people responsible for these breaches. Furthermore, the FBI would help in helping the yahoo in sharing the information that could help in safeguarding their systems against such breaches and also against from the work of the cyber criminals. Furthermore, yahoo had to advise its members to reset their passwords. Yahoo had about 1 billion people all over the world who used one of its properties each and every month. The users might have been affected by the breach and thus yahoo had to notify their affected users. All this would be necessary because the security of the accounts of these users had to be assured to them after the breach. The users who had not changed their passwords since the year 2014 were advised to change their passwords by yahoo. These people included the about 250 million Yahoo Mail, another tens of millions users of the Yahoo Fantasy Sports and also the 81 million use of the Yahoo Mail. The privacy of the various accounts by the Yahoo users was highly advised by the Yahoo Companyas it would enhance their security. The company also advised its users to stop using passwords that can be easily guessed like the date of birth or even the names of the users (Castelluccio, 2017). Since the Yahoo hacking come at a very awkward moment for the Yahoo, it had to sell some of its core internet business to a media giant Verizon Communications. This was due to the pressure by the investor activists who were complaining about the stagnant growth of the yahoo company under the leadership of CEO Marissa Mayer. The company had to engage in multi-month sales process due to this pressure. However, it was during this time of engaging in a deal with the Verizon Communication that the company experienced the breaching. The Verizon Communications claimed that they were not informed of the breaching earlier enough. They claimed that they were only informed two days before the breaching. Since most of the users of the Yahoo might think that there is much for them in their Yahoo accounts that would be of importance to the hackers, the Yahoo Company had to inform its users the importance of these credentials. The users who might have thought that the email accounts and their Yahoo passwords may have little importance to the hackers. This was contrary to the case as the other the two credentials of the Yahoo mail and passwords may Give the hackers a lot of uses for the hackers for getting the information (Ruth, 2016). The yahoo company also advised the users owning its various accounts not to reuse their passwords across the all the various accounts that they own. The Yahoo had to warn the users of the danger of the hackers having their passwords and email address as the hackers have a chance to have access to multiple accounts. The Yahoo termed this as ‘credential stuffing’ as it warned that the act has become rampant over the last years. Once the hackers get access to the various accounts of the users, they run through them in all the sites targeting the places where they want to attack. Some of the places that the attackers may target is the bank accounts and credit cards (Joseph, 2016). Conclusively, Yahoo had torecommend each user of their accounts should freeze their credit report and also use the company that monitors their credit. The incidents of hacking had become famous all over the world and the breaching of the Yahoo at 2016 was supposed to teach a lesson the company and every user of the all the accounts in the Yahoo to be cautious of these acts. References Castelluccio, M., 2017. The Most Notorious Hacks of 2016. Strategic Finance, 98(7), p.55. Cox, J 2016, Yahoo aware Hacker is advertising 200 million supposed Accounts on Dark Web’ Theme, E. and Buchanan, M., Ya-Uh-Oh! Yahoo Data Breach. Fain, D.C. and Pedersen, J.O., 2006. Sponsored search: A brief history.Bulletin of the American Society for Information Science and Technology,32(2), pp.12-13. Joseph, R 2016, here’s what you need to know about the Yahoo hack, Global news Retrieved online on September 25, 2016 Kahraman, C. ed., 2008. Fuzzy multi-criteria decision making: theory and applications with recent developments (Vol. 16). Springer Science & Business Media. Lee, K., 2006. Anti-Employer Blogging: Employee Breach of the Duty of Loyalty and the Procedure for Allowing Discovery of a Blogger's Identity Before Service of Process Is Effected. Duke L. & Tech. Rev., 2006, pp.2-20. Manber, U., Patel, A. and Robison, J., 2000. Yahoo!. Communications of the ACM, 43(8), p.35. McMillan, R 2016,‘Yahoo Executives Detected a Hack Tied to Russia’ The Wall Street Journal, vol. 38, no. 3-4, pp.213-218 Perlroth, N., 2016. Yahoo Says Hackers Stole Data on 500 Million Users in 2014. The New York Times–Retrieved online on September, 22, p.2016. Ruth, A 2016, Yahoo ‘state’ hackers stole data from 500 million users, BBC News Retrieved online on September 23, 2016 Trautman, L.J. and Ormerod, P.C., 2016. Corporate Directors’ and Officers’ Cybersecurity Standard of Care: The Yahoo Data Breach. Read More