Yahoo's Hacking Scandal

Yahoo's Ethical Breach and Failure to Protect User Information

Yahoo is a global technology company that serves millions of customers each month with email and other internet services. Since the early 1990s, the majority of people have formed digital identities using Yahoo. To maintain a competitive edge in the fiercely competitive market, Yahoo maintains an organizational culture that values creativity and innovation. Additionally, the business has built a reputation as an ethical corporation in the past thanks to its set of values that govern the moral behavior of its personnel. For this reason, the company revises its ethical policies and compliance, and has even trained its internal employees to ensure they work within the set ethical rules. The good reputation has seen the company attract billions of clients who use their services. In 2013 and 2014, the company has suffered two hacking breaches that have seriously compromised the information of Yahoo users. As expected of an ethical company, Yahoo users expected and deserved to be notified of such a serious issue. However, the company did not reveal the 2014 breach until September 2016. The company disclosed that about five-hundred million Yahoo users' security questions, birth dates, email addresses, encrypted passwords had been compromised by a "state-sponsored actor". As a result, the company has had to force its users to change their passwords and other privacy information to avoid further damage.

Delaying Disclosures Raises Ethical Concerns

As a corporate company, Yahoo owes its users notifications in case of suspected security breach. However, the company has taken almost two years to disclose the security breach. Being an information technology company, Yahoo users expect that the company has a security system that monitors any form of breach and try to avoid it (Bolot 2). The fact that the breach happened two years ago, only for the company to disclose such serious information two years later raises ethical issues (Buera et al. 3). .For starters, the company has taken too long to act on an issue that they would have solved immediately they learned of the breach. Worse, the company does not have an accurate figure concerning the number of affected accounts and is only working with estimates. Thus, there is a higher probability that more accounts may have been affected. Even though both the company and their customers have not lost any finances, the hackers may use the customer's information to pause as authorities and ask for private information such as bank accounts (Bolot 3). In turn, they will manage to transact money illegally from the user's accounts. For this reason, Yahoo has failed to protect their customers.

Failure to Notify Users and Lack of Security Measures

Besides, Yahoo users only learned of the breach after a user going by the name "Peace of Mind" started selling the stolen data on a dark web. This means that the company would still have withheld the breaching information from their users had this hacker not sold the data. Yahoo has added salt to injury by waiting for another hacker to start selling customer information. As a result, they have failed to observe their ethical issues and in turn failed to serve their customers in the right way by telling them about the breach (Walters 5). Also, the company claims that the hacker may have received "state-sponsorship" to enable his or her activities. However, state-sponsored hackers do not share stolen data publicly or sell it like "Peace of Mind" did. The company has no concrete technical details regarding the ex-filtration of the data; therefore, the company may have been hacked by more than one hacking system. These unsupported claims raise security issues regarding the company's security measures. Yahoo has failed to upgrade its security systems or revise them to protect their customers from hackers.

Failing to Protect User Passwords and Security Questions

Besides, the company has failed to protect their users' passwords. Regarding this, Yahoo confirmed that users' passwords were hashed. In particular, hashing refers to a one-way transformation that allows another than the actual password to check a site. The breach also identifies a problem with Yahoo's "security questions". Regarding this, the company uses a common practice of asking its users to reset their passwords by answering certain common questions. Yahoo has not encrypted these security questions, and therefore anyone can read some of them. For this reason, hackers can easily access a user's security questions and log in to their accounts. Thus, the company has shown that it has failed to protect customer information by using better security measures (Walters 3). The consequences of hacking have become worse than if the company would have applied strict security measures. As a result, Yahoo has not only ruined its reputation but risked a lot of customer information in the hands of hackers. Hence, the company has failed to serve its customers in the most ethical way possible. While asking their customers to change their passwords and security questions, the company does not retrieve the sensitive information being used by the hackers.

Conclusion

In conclusion, Yahoo has performed exceptionally well in the recent years and managed to amass a large number of users who use their services. However, failure to protect its customer's information from hacking shows that the company has failed its ethical obligation. And even though the customers have assumably changed their passwords, the company has failed to protect their information and shown their incapability to protect sensitive data.

Works Cited

Bauera, Johannes M. and Michel J.G. van Eetenb. Cybersecurity: Stakeholder incentives, externalities, and policy options.Telecommunications Policy, 2009, 33, (10-11)

Bolot, Jean and Marc Lelarge .Cyber Insurance as an Incentive for Internet Security. Managing Information Risk and the Economics of Security. Springer. 2009

Walters, Riley. Issue Brief. The Heritage Foundation, 2014.