What lessons can the chief information officer of tomorrow (and today) learn from the record-breaking Yahoo! mega-breaches of recent years?
Yahoo! was once best known for being the search engine that lost out to Google in the nineties, but went on to become an internet giant acquiring blogging platform Tumblr in 2013 for $1 billion in cash. Today it’s better known for falling victim to the biggest cyber-security breach in history, also occurring in 2013 and involving a billion user accounts.
In addition, it fell victim to attackers in 2014 with a breach that impacted more than 500 million user accounts, the second largest in internet history. It hardly seems fair to mention the most recent disclosure from Yahoo! that revealed hackers accessed a further 32 million accounts using a forged cookie attack, stretching back two years.
This followed a statement in December 2016 confirming data associated with more than one billion accounts, dating back to August 2013, had been stolen. To compound how bad things have been for the company, just three months earlier it had disclosed an attack involving 500 million compromised accounts from 2014.
That Yahoo! is facing several lawsuits in the United States and abroad, as well as investigation by members of the US Congress, could explain why requests for comments go unanswered by its press office.