In the olden days, Yahoo shuttered some of the largest digital properties on the internet with too little notice for them to be meaningfully archived (especially Yahoo Groups (easily the Reddit and Fediverse of its day) and Geocities (at a time before social media, a place to make a corner of the internet one’s own, it had mountains of longform geekery that’s now lost forever)).
Yahoo also used to be one of most widely used free email providers. Not as ubiquitous as Gmail, but definitely very popular. During that time, they had at least two – and almost certainly more than four – instances where bad actors gained access to user accounts and Yahoo failed to immediately notify impacted users.
This one time, they admitted that all their user email addresses, which then numbered in the billions, had been compromised by a years-old hack whose disclosure they seem to have withheld. The same thing happened a few months later, but affected only some email addresses. For the latter event, they were proven to have withheld discovery of the breach.
There was this one journalist whose email details they gave to the Chinese government to enable his arrest. Then they lied about it to Congress.
And while the NSA likely listens to every piece of data available to them, which trivially and almost effortlessly includes emails, and while Yahoo is one of the tech companies whose NSA PRISM membership is documented, Yahoo additionally performed scans for crime-adjacent keywords on all its users’ incoming and outgoing emails for years.
Worse than Oracle and Salesforce?
Yes, but not worse than Yahoo[.]
Why is Yahoo bad?
In the olden days, Yahoo shuttered some of the largest digital properties on the internet with too little notice for them to be meaningfully archived (especially Yahoo Groups (easily the Reddit and Fediverse of its day) and Geocities (at a time before social media, a place to make a corner of the internet one’s own, it had mountains of longform geekery that’s now lost forever)).
Yahoo also used to be one of most widely used free email providers. Not as ubiquitous as Gmail, but definitely very popular. During that time, they had at least two – and almost certainly more than four – instances where bad actors gained access to user accounts and Yahoo failed to immediately notify impacted users.
This one time, they admitted that all their user email addresses, which then numbered in the billions, had been compromised by a years-old hack whose disclosure they seem to have withheld. The same thing happened a few months later, but affected only some email addresses. For the latter event, they were proven to have withheld discovery of the breach.
There was this one journalist whose email details they gave to the Chinese government to enable his arrest. Then they lied about it to Congress.
And while the NSA likely listens to every piece of data available to them, which trivially and almost effortlessly includes emails, and while Yahoo is one of the tech companies whose NSA PRISM membership is documented, Yahoo additionally performed scans for crime-adjacent keywords on all its users’ incoming and outgoing emails for years.
Well, shit. That’s quite scummy of them.