
Yahoo cookies breach compromised 32 million accounts

An SEC filing also alleged that the company didn't do enough to investigate a 2014 breach



Things aren't looking great for Yahoo.

On Wednesday, the company's annual SEC filing revealed that its recently announced 2015-2016 data breach impacted 32 million accounts, the third incident in just six months.

A quick recap:

- In February, the Sunnyvale-based company announced that a 2015-2016 "state-sponsored" attack used forged cookies to bypass 32 million password-protected accounts.

- In December 2016, Yahoo confirmed more than one billion accounts had been infiltrated through a 2013 security breach.

- In September 2016, Yahoo revealed that a similar attack in 2014 targeted 500 million users.

In response to the bleak news, CEO Marissa Mayer said in a blog post that she would forgo her annual bonus and yearly equity grant.

But Mayer's response doesn't address the real issue, say some security experts.

"The announcement talked a lot about who is not getting their bonus," Zenedge co-founder, CUJO Smart Firewall CTO and cybersecurity expert Leon Kuperman tells us Thursday. "What about changing the corporate environment, structure and culture to think security first? Blaming this on a state actor is lame. Internal leaks are part of business, the key is to have compensating controls that prevent these types of leaks from being able to damage the company."

It gets worse - the same report claimed that Yahoo's security team and senior executives allegedly failed to thoroughly investigate the 2014 breach that infiltrated 500 million accounts. While the company implemented new security measures and alerted 26 users of the hack, an in-depth examination was never conducted.

"Yahoo is not thinking like a technology company. They don't have a CTO, but rather a group of SVP's that are responsible for product and engineering for specific product lines," Kuperman explained. "A company like that needs a very strong CTO, and a seat at the table for a chief security officer."

Can Yahoo repair its reputation after so much negative publicity?

"They have to show the world they are taking technology and security seriously," Kuperman said. "That is going to take changes at the C-level, not just some inconvenient bonuses being taken away."
