Introduction

Yahoo, once a popular internet company, faced two major data breaches in 2013 and 2014. These breaches exposed billions of user accounts, making it one of the biggest cybersecurity incidents ever. This case study looks at how the breach affected Yahoo, what went wrong, and what could have been done to prevent it.

Impact on the Company

The Yahoo breaches caused serious problems for both the company and its users:

1. User Impact, Over three (3) billion accounts were hacked in 2013 and five hundred (500) million more in 2014. Hackers stole names, email addresses, hashed passwords, phone numbers, and security questions, and many users faced risks like identity theft, phishing scams, and fraud.
2. People lost trust in Yahoo and started using other services, Verizon lowered its purchase price for Yahoo by $350 million because of the breach, and Yahoo had to pay $117.5 million to settle lawsuits and faced fines from regulators.

Implications for Yahoo's Operations

These operations that have serious damage to the company are:

1. Money loss, Yahoo lost a lot of money due to lawsuits, fines, and a drop in its company value.
2. Work delays, It had to focus on fixing the problem and dealing with the public, which slowed its progress.
3. Business damage, The reputation took a hit, and it became less competitive in the market.

Policies that Could Have Prevented the Breach

Despite the damages and breaches that caused serious damage to the company Yahoo could have done several things to prevent or reduce it:

1. Better data protection, use stronger password encryption methods like bcrypt, and encrypt sensitive data including security questions and answers.
2. Regular security checks, scan for vulnerabilities and test security weaknesses regularly, and ensure all software is up to date with the latest patches.
3. Access control, limit employee access to sensitive data, and watch for unusual activity that could mean someone is hacking the system.

Recommendations

These recommendations to avoid future breaches, Yahoo could have done the following:

1. Better monitoring tools, use advanced tools to track and stop suspicious activity in real time.
2. Use multi-factor authentication (MFA), and add an extra layer of security by requiring users to verify their identity in multiple ways.
3. Separate networks, divide the system so sensitive data isn’t stored in one place, making it harder to hack.
4. Trainings, teach employees how to recognize and avoid security threats, like phishing emails.
5. Hire cyber security experts, and work with professionals to find and fix security issues regularly.

Conclusion

This case study showed that Yahoo data is essential and that strong security measures need to be put in place. If Yahoo had better security practices and responded faster, it could have avoided losing so much money and user trust.

Key Findings

Encryption - Hashing methods to protect user data

Response - Essential to act quickly after a breach

Network security - Access control and system monitoring can prevent attacks

References

500 million Yahoo users affected by data breach - password change recommended. (n.d.). Trend Micro (PH).

Perlroth, N. (2017, October 3). All 3 billion Yahoo accounts were affected by 2013 attack. The New York Times.

Cybercrime Magazine. (2024, November 18). Yahoo still ranks as the largest data breach in history.

Wikimedia Foundation. (2024, October 14). Yahoo data breaches. Wikipedia.

Redfern, E. (2024, July 2). The Yahoo Cyber Attack & What should you learn from it?. Cashfloat.