Yahoo Breaches Continues

Posted on at

Usage of electronic mail has been a hit from the time it was introduced until this very day. Email as it is addressed as an acronym of its terms, electronic and email. Without it, the birth of other communication medium might have been impossible pr if not, it would have taken a long time to give birth to instant messaging, peer to peer communication and the like.

With the birth of Email, the security and stability of a certain Email channel has been introduced as well because of the data that comes with all the emails running back and forth in the huge network of internet. Today, I would like deal with the email channel of Yahoo which has been one of the first email sites introduced to the public and of which I have personally created my first ever email address.


Image credits: Mohammad Kheirkhah via

Talking about Yahoo is a bit of a challenge because of the complexity of the subject but because Micky-the-slanted-Salerno had offered double rewards for this topic, I am trying my best to elaborate and create an article about the matter.

Yahoo Email Address

Back in 2005, when I was in college, freshman and taking up Bachelor in Information Technology, it was a requirement that we create our own Email address as other projects and subjects would need us to submit our own documents or papers through email messages addressing to our instructors. As a freshman coming from a province in another island ( I went to Cebu Institute of Technology ), it was a great challenge to be living alone away from my family and with a little background on computers, I have to cope up with what has been fed into my brain in each class or subject I was taking.


Image credits:

I used to go to an internet cafe where I make my research papers, projects and other activities before my parents eventually bought a laptop for me. I was already in my third year when I owned a computer for my studies so it was a struggle for me to find a spot in every internet cafe since there were also other students who were just like me.

But I can still recall how I had created my own Email address. I have to input my personal details such as my first and last name, my birthday, gender, my location and a lot more. Yahoo even asked for my security question and answer in case I would forget my personal password, this will be used for me to recover it and would give me access again to my account. After all the processes, I have successfully reached my inbox. Got one welcome email message coming from the Yahoo team which talked about thanking and welcoming me for the patronage.

There was only Yahoo at that time, at least that's what I know. Technology and the world wide web has been increasing growing that nowadays, there are more competitors but even so, I still have my Yahoo account and it is still active.

Yahoo 2013 Controversy

Video credits: ABC News via

As the internet start to become a trend and almost everyone has an Email address, certain personalities also started to gain interest on information that comes together with every email address they can have accessed to.

Information can be sold to certain companies which makes use of them. Even email addresses cost dollars. Data thieves were rampant and they started ruling the internet. The first issue Yahoo had to undergo was the compromised email accounts which were over a billion in August 2013.

Yahoo 2014 Breach

Video credits: ARIRANG NEWS via

Data hacking through Yahoo is a serious issue but for some unknown reason, Yahoo had been a victim yet again with another data breach with 500 million accounts being accessed in 2014.

The company has then started notifying their users about the breach and advised to secure their accounts again by performing certain steps and procedures such as resetting their passwords and other security features.

After certain investigation, the company found out that the issue was because of the following:

"The proprietary code running Yahoo's systems was accessed so as to learn how to forge cookies. Those unauthorized cookies were then used to access user accounts.

The cookies have since been invalidated to block further access and all affected users should have been contacted by Yahoo regarding how to re-secure their accounts. As to why hackers take the time to breach Yahoo's servers and access accounts, it turns out the data is worth something. In August last year it was revealed that some of the stolen Yahoo data was available for sale on the dark Web for $300,000."

Information reference:

Yahoo 2017 Data Breach Again


Image credits:

When the second data breach had been found out, Yahoo added further certain security features on their accounts. I recall activating a certain Yahoo Account Key. This gives the option for the user to generate a four digit account key, it serves as an additional passcode to get access to the account.

Like other sites which creates OTP or one time password such as credit card online transactions or like in the case of pilots accessing their schedule rosters via their portal on a web browser, certain airlines have made OTP verification to ensure that only the specific user has access to it, Yahoo had also applied the same theory.


Image credits: 

A user can select the options such as sending the account key via txt message, call or have it sent over to the recovery email. In the process, the user has to add a valid mobile number to ensure that he or she is able to receive the code. So far, this has been issued and used by the millions if not billions of users. I had my own mobile number to receive the code so I always receive text messages from Yahoo each single time that I would access my email inbox.


Image credits:

However, this didn't stop the hackers to gain access to these million accounts. According to the news:

"Yahoo today revealed that some 32 million accounts have been accessed by intruders over the past two years. These accounts are in addition to the accounts affected by the two data breaches the company had previously disclosed.

According to Reuters, the accounts were compromised using forged cookies. Yahoo is currently of the belief that the accounts were accessed by the “same state-sponsored actor believed to be responsible for the 2014 hack.” For those keeping track, the 2014 hack was the one that affected at least 500 million accounts.

“Based on the investigation, we believe an unauthorized third party accessed the company’s proprietary code to learn how to forge certain cookies,” Yahoo said in its latest annual filing.

To remedy the issue, Yahoo says that it has invalidated those cookies so that they cannot be used to access user accounts any longer. "

Information reference:

Verizon and Yahoo CEO


 Image credits:

Because of these events, triple hacking and triple date a breach for the past years, Yahoo has been on the spotlight for its own security system. And because of this, the acquisition of the company has been later agreed to $350 million price reduction. As per Reuters, Verizon's acquisition price was cut down to $4.48 billion and deal will soon close by the end of the second quarter of this year. That has been the expectation but since the data breaches has again, the deal might encounter few delays for sure.


Image credits:

Also, this misfortune caused by the breaches caused ex-CEO Marissa Mayer to not be receiving a cash bonus for 2016 and as well as offered not to take any 2017 annual equity. She eventually resigned on June 2017.

Hackers Revealed


 Image credits:

Hacking can't be done without a purpose and the persons behind such surely has a great reason for doing so, it might be money, power or a back mailing purpose. There could be more reason to that but for this case, after FBI investigator found out the two Russian spies and two other criminal hackers, they had concluded that the reason for the activity was to gain access for infiltrating financial companies.


Image credits:

Here's a statement from Mary McCord, the acting assistant attorney general for national security, said in a press conference:

"The DOJ says the two Russians being charged, Dmitry Dokuchaev and Igor Sushchin, are officers of the Russian Federal Security Service. The two other individuals indicted are Alexsey Belan and Karim Baratov, they were paid by the Russian spies to hack into American companies, according to the DOJ.

The criminal hackers stole information about individual users and the contents of their accounts, targeting U.S. government officials, Russian journalists, employees of other internet firms the hackers wanted to infiltrate and employees of financial companies."

Information reference:

I wonder if the same event can occur in the future. Users who are just merely using the electronic mail service for personal email messaging are surely safe for this hacking activity however, those who are using it for businesses, highly confidential information or governmental uses should think twice on advocating the said service.


Image credits:

Perhaps there is a need to patronize on more secure email services. But more importantly, Yahoo should focus now on the means of ensuring that their clients specially the premium ones have the best security features included in their service.

You don't want to lose them all right? In relation to this, the use of chat bots like Querlo is an efficient way of making sure data are not hacked or breached. Kindly participate on the Querlo blog below for this matter:

Best regards,

Jean Beltran-Figues

About the author


♥ saved by grace ♥

Subscribe 0