Latest in Culture

Image credit: Justin Sullivan/Getty Images

Yahoo reportedly downplayed security for years

It was worried that tougher safeguards would scare users away.
627 Shares
Share
Tweet
Share
Save

Sponsored Links

Justin Sullivan/Getty Images

That massive Yahoo hack might have been less of a one-off disaster and more a symptom of larger, systemic problems with security at the internet pioneer. New York Times sources claim that Yahoo made security a relatively low priority for years, prioritizing convenience when possible and reacting only after serious incidents (such as bug bounties following an account breach in 2012). Reportedly, the company even skipped out on safeguards that are considered virtually mandatory in many places -- CEO Marissa Mayer rejected a password reset out of concern that it would drive users away from Yahoo Mail.

The company took a big step by hiring chief information security officer Alex Stamos, who implemented valuable measures like widespread encryption, collaboration on threat data and "red teams" that broke into Yahoo systems to see how vulnerable they were. However, Mayer supposedly fought with Stamos' group, depriving it of resources and stalling the implementation of vital features like intrusion detection. Many of its security staffers have left for Silicon Valley mainstays like Apple, Facebook and Google, according to insiders.

A spokeswoman suggests to the Times that things are on the mend. It spent $10 million on encryption in 2014, and that its security investments jumped 60 percent between 2015 and 2016. Yahoo has a "deep understanding" of online threats, the representative says, and it tries to "stay ahead" of those dangers to keep you safe.

If the report is accurate, though, it hints that the increased spending might be necessary for catching up. It'd be an acknowledgment that the company's previous focus on ease of use over security was too risky, and that whatever inconveniences you suffer from added security are far, far more preferable to losing sensitive info to hackers. And lax security doesn't just scare away some customers -- it could even jeopardize that lucrative Verizon deal.

Engadget’s parent company, Verizon, now owns Yahoo. Engadget remains editorially independent.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
627 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
Google Chrome now offers better theme customization and tab grouping

Google Chrome now offers better theme customization and tab grouping

View
Leaked screenshots show how Apple's tracker tags might work

Leaked screenshots show how Apple's tracker tags might work

View
Tesla targets Nürburgring EV record next month

Tesla targets Nürburgring EV record next month

View
Mark Zuckerberg visited Donald Trump at the White House

Mark Zuckerberg visited Donald Trump at the White House

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr