Updated with further comment from Yahoo
If you're a Yahoo Mail user, you really have to be asking one very important question right now: is there anyone who HASN'T been combing through your emails lately?
Less than two weeks after Yahoo revealed that 500 million of its user's accounts had been exposed to hackers, now comes a report out from Reuters on Tuesday that the government was also snooping around, digging through user emails.
The NSA had been looking for "specific information," and "a set of characters," though what was actually being search for wasn't revealed, of course. One thing we do know: it amounted to hundreds of millions of emails being searched.
That number isn't even the worst part about this, though; unlike many other companies, including Google and Microsoft, which have had their information hacked without their knowledge or consent, and who have been fighting with the government to keep user information secure, according to this report, Yahoo complied with a U.S. government directive to comb through user emails en masse.
In fact, the company went and built a custom software program specifically for that purpose. So it wasn't just letting the government do what it wanted, the company was actively helping.
According to what surveillance experts told Reuters, this is actually the first time, at least that we know about, where an Internet company, based in the United States, agreed to let the government search all of its user's arriving messages. In previous cases, where permission was granted, the messages were either old, and had been stored, or the government was given access to a small number in real time. Never before have they had access to all messages, as they were coming in.
If you're wondering how other Yahoo employees reacted to Marissa Mayer rolling over for the NSA, they weren't happy. In fact, it's what led Chief Information Security Officer Alex Stamos to leave the company in 2015.
“Yahoo is a law abiding company, and complies with the laws of the United States," Yahoo said in a statement when we reached out for comment about this report.
One thing that isn't know right now is if Yahoo actually gave the government any data. The company did not return my request for comment on what kind of data, and how much, it gave over as a result of the program.
This report couldn't have come at a worse time for Yahoo, which just recently revealed that half a billion users had been hacked two years ago. That's over seven percent of the Earth's entire 7.125 billion population in one breach.
The information that was stolen included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
There is currently an ongoing investigation into the matter, and Yahoo says it is working closely with law enforcement.
One entity that has to be really unhappy about all of this is Verizon, which bought Yahoo's assets, including Yahoo Mail, Flurry and Gemini, for $4.83 billion in cash in July. That's a lot of money for a company that just suffered what has to be one of, if not the largest security hacks ever, followed by what is sure to be a big scandal regarding user privacy.
What effect, if any, this will have on Verizon's purchase of the company remains to be seen.
VatorNews reached out to Verizon, but the company declined to comment on the report.
Yahoo has since released a new statement on the report, denying its veracity.
“The article is misleading. We narrowly interpret every government request for user data to minimize disclosure. The mail scanning described in the article does not exist on our systems," the company told VatorNews.
(Image source: security-faqs.com)