Skip to Content

Yahoo Should Say Whose Data Was Used to Hack Yahoo Mail

Naming the company whose poorly secured data is being used to attack Yahoo Mail accounts could improve online security.
January 31, 2014

Yahoo warned yesterday that many Yahoo Mail accounts are being targeted by someone with a list of passwords and usernames stolen from another company. Yahoo could help make the Web more secure by naming the source of that “third-party database compromise.”

Naming the company would set a precedent and raise the stakes for those with large userbases. Knowing that your company could be publicly shamed if data from your servers enabled attacks like that on Yahoo Mail would provided added incentive to properly secure username and password databases.

That’s needed because we have evidence that even major technology companies don’t bother to properly secure their passwords, even though password databases are frequently stolen. When 6.5 million passwords were taken from LinkedIn in 2012, decrypted versions were available online a day later because the company’s encryption was relatively weak. The 130 million passwords taken from Adobe in November last year were also discovered to have been improperly secured, in a manner that falls far short of industry best practices.

Better technical solutions to the problem of encrypting passwords do exist and are not prohibitively expensive for such companies. They just seem not to care enough about their customers’ security. That might change if Yahoo was brave enough to say where the data that led to its users having their e-mail accounts targeted came from. Yahoo didn’t respond to a enquiry this morning about the source of that data.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.