Yahoo exposed for not cooperating with data breach investigations

Multinational technology company ‘Yahoo’ hasn’t seen the end to the ongoing criticisms since the first cyber-attack in 2013.

On 11^th May 2017, Germany’s federal cyber agency The German Federal Office for Information Security (BSI) noted Yahoo was being uncooperative in their investigation into a series of cyber-hacks that compromised approximately 1 billion accounts between 2013 and 2016.

According to the BSI, an additional 32 million Yahoo users were affected by cyber-breaches in 2015 and 2016, but have yet to hear of any cyber-breaches affecting Yahoo users in 2017.

When will it end?

Yahoo Uncooperative

The BSI said that Yahoo’s offices in Dublin, Middle East and Africa “refused to give the BSI any information and referred all questions to the Irish Data Protection Commission, without, however, giving it the authority to provide information to the BSI.”

This could insinuate that Yahoo has something to hide…

Surely, if they had nothing to hide, they’d give information willingly to the federal cyber agency. By reportedly delaying investigations and being uncooperative, Yahoo could land themselves in more hot water.

Partial publication of the investigation

As the BSI’s findings haven’t yet been finalised, their investigation should be kept confidential, but Yahoo’s uncooperative stance has led the federal cyber agency to publicise this information after Yahoo failed to respond to efforts to look into the data breaches.

They also state that Yahoo has failed to put in place plans to prevent similar breaches in the future. This could be substantiated by the fact that, following on from the breach in 2013, Yahoo’s management board were reportedly made aware of the risks but failed to take proper action, and seemingly brushed issues under the carpet. Given the volume of Yahoo users, this comes as a surprise.

Yahoo haven’t yet responded to allegations made by the BSI. This has apparently made the BSI’s investigations a lot harder as they’re unable to produce concrete findings about the data breaches as a result of Yahoo’s lack of cooperation.

Cooperation is key!

While hanging Yahoo’s dirty laundry out to dry, the BSI also took the time to remind international active internet service providers to work more closely with them, in the event German citizens are affected by cyber-attacks and/or data breaches in the future.

Potential reasons behind the hacking

Not to theorise too much, but the BSI’s intervention comes at a significantly important time. Tensions are high as the German government are worried that their national election, which is due to take place on 24^th September 2017, will be sabotaged by a cyber-attack that could be tied to Russia. This comes after cyber-attacks were made on French and U.S. elections which have been reportedly linked to Russia.

In 2014, the U.S. Justice Department charged two Russian intelligence agents and two cyber-hackers for the hacking and theft of half a billion Yahoo email accounts. The Russian government hastily denied its involvement in the scandal.

Users warned to stay vigilant

Though they haven’t been able to produce any findings, the BSI President, Arne Schoenbohm, warned users to stay vigilant:

“…users should therefore be very careful about which services they want to use in the future and to whom they entrust their data.”

His annoyance that Yahoo hasn’t cooperated is clear as day when he puts forward the recommendation that all German users should consider switching to other email service providers; for example, those that will have valuable security for their users like C5-class cloud service security. The C5-class cloud service is a government-run scheme that forces cloud-based internet service providers to undertake that they’re using various safeguards against cyber-attacks.

Survey finds that if you make over around £60,000 annually or graduate from University, you’re more likely to become a target of credit/debit card fraud.

How much did WannaCry hackers receive from their ransomware attacks?