Yahoo Reportedly Scanned Customer Emails Secretly, for US Intelligence
Yahoo has reportedly scanned hundreds of millions of customer emails, probably for some specific information and at the behest of US intelligence agencies, as per a recent report by Reuters.
The Reuters report says- “Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter. The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.”
It’s said that this is perhaps the first instance when a US internet company has searched all arriving messages at the request of an intelligence agency; examination of stored messages or scanning a small number of accounts in real time is the usual procedure. The report also says- “It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified. Reuters was unable to determine what data Yahoo may have handed over if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.”
The Reuters report also suggests that as per a couple of former Yahoo employees, Yahoo Chief Information Security Officer Alex Stamos quitting (he later joined Facebook) could be a fallout of this and also that Yahoo hasn’t either confirmed or denied the occurrence of this email scanning. Yahoo’s response to the Reuters report is a brief statement- “Yahoo is a law-abiding company, and complies with the laws of the United States,”
Experts see this as an unprecedented incident, especially the reportedly large scale of scanning done and the need of a scanning software to do the same. Google and Microsoft have reportedly stated, separately, that they had not conducted such email searches.
Recently, in September, Yahoo publicly disclosed that in late 2014, hackers (allegedly a state-sponsored actor) had stolen information associated with at least 500 million Yahoo! user accounts. The data stolen during this breach, considered to be the biggest discovered data breach in the history of the internet and cyber security, included names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and encrypted passwords.
Well, the data breach and now the reports about the large scale email scanning could affect the Yahoo brand in a great way. It could have an adverse effect on consumer trust in the Yahoo brand and also pave way for lots of discussions among cybersecurity experts in the days to come.