kq4ym 12/28/2016 | 5:00:55 PM
Re: 3 years?! Interesting that there are probably no legal penalties. I wonder if this is because of the long time since the crime or just because there's been no large-scale damage to customers? With just partial passwords and no financial data taken, I suppose it's hard to prove any damages even in a class action suit.
inkstainedwretch 12/15/2016 | 4:55:44 PM
Why Three Years? We cannot jump to conclusions. Yes, Yahoo could have been sitting on the information. But it is also very possible for three years to elapse without any additional irresponsibility beyond failing to stop the original hack. 

It is not uncommon for malicious hackers to sit on data for a while -- years even -- before they decide to sell/share the data. 

Yahoo was apparently unaware of the two hacks until some third-party security experts brought them to Yahoo's attention. As reported, Yahoo still doesn't know what the original hacks were. This suggests that all they have are the lists of the hacked accounts.

One of those lists has a half-billion names, the other a billion. If it is true that those lists are the only evidence they have of the hacks (a notion supported by the assertion that they don't know the mechanism of the hacks), it might have taken months simply to develop the suspicion there might have been two hacks. Once that realization hit, it would take some time to verify that the half-billion list wasn't just a subset of the billion list. If it was a subset, there was just one hack. If the lists diverge significantly, then there were two.

I can't say for a fact either way. But with the information we have been given, both explanations are plausible.

--Brian Santo
inkstainedwretch 12/15/2016 | 4:36:46 PM
Re: No telling Yup.

--Brian Santo
Mitch Wagner 12/15/2016 | 4:19:42 PM
Yahoo HQ Street View photo of Yahoo headquarters:

Mitch Wagner 12/15/2016 | 4:10:43 PM
Re: No telling While I agree with you on the lack of consequences for data breaches, Verizon may use this hack -- like the previous one -- to negotiate better terms. 
dishnetwork 12/15/2016 | 12:13:26 PM
3 years?! It took 3 years for them to disclose this? Ridiculous!
inkstainedwretch 12/15/2016 | 12:03:54 PM
No telling There are two ways to look at this.

1) The accumulation of hacks on Yahoo were really, really, really bad. No one should be surprised if Verizon calls it off.

2) The accumulation of hacks on Yahoo are ancient; if any company has ever been legally penalized for a hack, it's rare; if any corporate executive has ever lost their job as penalty for a hack, I don't know who it is; every single subscriber has been hacked so often elsewhere with little or no remuneration, there's no expectation of recompense of any sort any more, and going elsewhere seems pointless because if it isn't Yahoo, it's their (our) shopping outlets, insurance company, medical facility, or the state & federal government agencies. In short, nothing has diminished the value of what Verizon wants: the subscriber traffic and the ad business. No one should be surprised if Verizon pulls the trigger on the deal anyway.

I'm not betting on one or the other. Both seem equally likely to me.

--Brian Santo
[email protected] 12/15/2016 | 10:19:30 AM
Here's another way to look at it...

New Yahoo SNAFU may poo-poo Verizon woo

[email protected] 12/15/2016 | 7:07:00 AM
I just looked up 'toxic brand' in the dictionary... I just looked up 'toxic brand' in the dictionary... [insert your own answer here]

If Verizon does decide to go ahead, I bet the deal now involves about 100 extra pages of liability clauses.