If Yahoo won’t take security seriously, then it deserves to die

Eric Abent - Sep 28, 2016, 12:43 pm CST

Yahoo has been in the news quite a bit recently, and aside from the announcement of its sale to Verizon, that news has mostly been negative. That’s because Yahoo recently revealed that it was the victim of a major security breach. Again. This time around, whoever beat Yahoo’s security made off with the login credentials and personal details associated with 500 million accounts.

500 million accounts put at risk in the blink of an eye can be tough to even conceptualize. 500 million is almost twice the population of the United States, which on its own is a difficult number to comprehend. Regardless of my own struggles imagining the sheer scale of this attack, the fact remains that we have arrived at this point and we’re talking about it. Again.

To make matters worse, a new report from The New York Times claims that security was something of an afterthought for Yahoo, despite the fact that disclosures from Edward Snowden showed that the company was frequently a target for attempts at large-scale security breaches. The report makes some very damning claims, with most coming from the mouths of current and former Yahoo employees. The report is definitely worth a read on its own, but here are a few of the major talking points:

• Marissa Mayer was “reactive” to security issues, instead choosing to focus on turning Yahoo into a Google competitor and a major destination for video streaming.
• Bolstering security meant potentially making Yahoo’s products slower and less intuitive, which was something the company was not willing to do.
• Even after Yahoo hired Alex Stamos, a man known for his efforts in the data security space, he and Mayer butted heads on putting significant money toward security measures. These measures that Mayer didn’t want to fund included intrusion detection. Intrusion detection, of all things.
• Against Stamos’ suggestion, Mayer decided not to employ automatic password resets for the company’s users, out of fear that the inconvenience would drive them to competitors.

These revelations are deeply disturbing. Even if everything in The New York Times’ report is untrue and entirely made up (which doesn’t seem realistic), the fact remains that Yahoo was still the victim of a breach that affected 500 million accounts. Oh, also – as the cherry on top of this already putrid sundae – that breach happened in 2014, and we’re only finding out about it just now. Regardless of the veracity of the Times’ sources, the breach itself is the only evidence we need to see that Yahoo isn’t taking security seriously.

It’s unclear at this point if the breach will affect Verizon’s purchase of Yahoo, but I believe it absolutely should. Verizon should walk away from Yahoo and leave it to rot, because if Yahoo isn’t going to take security seriously, it deserves the slow death it’s currently experiencing. It doesn’t deserve to have a savior and it doesn’t deserve to have a loyal userbase that continues to use Yahoo Mail when there are better, more secure alternatives out there.

This is, of course, the latest in a long list of major security breaches to befall massive technology companies. When this happens, some companies begin to take these matters much more seriously, flooding their security divisions with money and people in an effort to become more proactive to security threats. Some of them just stay the course and wait for the buzz surrounding their breach to die down.

It’s the companies that don’t learn from these breaches that have no place offering services to the public – especially when those services are geared toward collecting as much information from users as possible. An online company that does not back its users with the best security it can offer, in my opinion, has no right to exist.

Personally, I’m tired of hearing about these breaches, and while at one point I was rooting for Yahoo to make a comeback, I no longer feel that way. It’s clear now that Yahoo is a terrible company and Mayer was a poor choice to lead it. Yahoo has made it obvious here that it doesn’t respect its users enough to put even halfway decent security measures in place, and it should lose everything as a result.

Do yourself a favor and abandon Yahoo. Subject yourself to a little inconvenience by switching email services and let Yahoo fade further into the obscurity that has been beckoning for years. Then, when Yahoo tries to woo old users back through an aesthetic overhaul or new acquisition or whatever pointless feature it pretends is the greatest thing ever, remember this breach and tell Yahoo to go to Hell.

This post is the opinion of the author, and does not necessarily represent the opinions of SlashGear.

