Trouble at Yahoo!

Introducing CardConnect!
January 24, 2017
Introducing the Shimmer
February 7, 2017
Introducing CardConnect!
January 24, 2017
Introducing the Shimmer
February 7, 2017

2016 was not a good year for Yahoo. First over the summer a data breach that compromised the records of 500 million users. As if that was not bad enough it was revealed in December that in 2013 there was another breach that affected up to one billion users. Let that sink in since after all there are six billion people on this planet. There has been a steady story about data breaches and Yahoo since 2012 and it appears that the lessons are not sinking in.

Security it seems in not Yahoo’s chief concern. Their security team and their CEO have clashed over the cost of implementing better security and the inconvenience it would cause their users. Unlike many of their Silicon Valley competitors like Google they have been slow to learn the lessons of modern data security. Making the web portal more user friendly and faster (admirable goals to be sure) outweigh tighter security and as a result many of the best and brightest of their web security team have moved on to other companies. Perhaps the only silver lining in this whole debacle is that at least Yahoo took protecting its user’s credit card information seriously.

With the impending sale to Verizon on the horizon this is a terrible time for this information to come out for Yahoo. In fact it seems Yahoo itself was unaware of the breach until law enforcement brought it to their attention. This is a revelation that could potentially cost Yahoo billions of dollars and many people their jobs.

It does goes beyond what it means to Yahoo. For their users it is more than just strengthened security on Yahoo’s website and being forced to change their password for their account there. Chances are the users have other accounts online like Gmail or with their ISP and chances are good that they will have to change their password and security information there as well. Any e-commerce website that they used may also have to have the information changed. Now the users will have to remember a new password, or better yet, set different passwords for each account. Amazon, eBay, PayPal and who knows how many others will have to be changed. All of this takes time on the customer’s end all the while probably cursing Yahoo’s name. For any potential users, they may now think twice about coming onboard with them and may go with a competitor instead.

As a merchant you are probably thinking what does this have to do with me? I don’t have billions of names and addresses stored in my businesses database so why would an identity thief want my company’s information? Information is valuable, even if it is just a name, email address and security question. A thief can use that just to get started. Maintaining PCI compliance can go a long way to preventing this from happening. If a thief has to work extra hard for a limited payoff chances are they will just move on to a softer target. Your customers are entrusting you with their data, secure it, all of it.