Will Security Failings from 2014 Cost Yahoo Its Verizon Deal?


Anyone familiar with the world of web security will know that a data breach can be a costly affair. When cybercriminals can gain entry to a major corporation’s internal servers, costs quickly mount up.

According to the Ponemon Institute, the average total cost of a data breach in 2015 was $4 million. After conducting 1,500 interviews at 383 organizations across 16 industries, they found that for each record containing client information lost it cost a company $158. Naturally, along with the potential financial impact of the data breach itself, major companies also have to contend with the negative PR associated with a major hack.

Following the recent revelation that Yahoo! was the victim of ‘the biggest hack in history’ in 2014, that saw 500 million user accounts compromised, the web company has received a wave of negative press. Negative press for a company that’s already seen its value decrease by more than $95 billion since the late nineties is never a good thing. However, the data breach could end up costing Yahoo! even more than it bargained for if Verizon decides to halt its takeover bid.


telecomdrive-verizonData Breach Gives Verizon Cause for Concern

The US telecom giant has been eyeing up Yahoo! for a number of months. But, following reports of the company’s security issues, the deal has taken a slight turn for the worse. During a recent investor call, Verizon’s Chief Financial Officer Fran Shammo said that his company has to assume the breach will have a “material impact on Yahoo!“.

Although he stopped short of cancelling the negotiations altogether, it’s clear the incident has put things in doubt. Not only that, but it raises the issue of web security across the telecom industry as a whole. It’s important to remember that the Yahoo! breach took place back in 2014, but the company did not reveal it until a few months ago. That’s an issue that’s worth exploring.

According to insiders, internal politics led to Yahoo! not implementing enough security measures to combat the attacks. As hackers have become more sophisticated, companies have had to respond appropriately. However, it seems that disputes among top executives resulted in Yahoo! falling behind. Indeed, when it comes to web application security, as defined by Incapsula, the main goal is to protect online services from threats that exploit “vulnerabilities in an application’s code.”


Security Should Never be an Afterthought

Now, although the stolen user passwords were encrypted and, therefore, “useless” according to Yahoo, the fact is that they shouldn’t have been exposed in the first place. SQL injections, cross-site scripting and remote file inclusion rank among the most common web application security breaches. But all have the same outcome: lost data.

Whether it’s a piece of malicious code being injected into an application or attacks reflected from one vulnerable target to another, the threats are costly.

While it may have seemed like a good idea to sacrifice security in favor of usability at Yahoo!, the knock-on effect could now be the loss of a takeover deal. At this stage, Verizon is unlikely to completely pull out of the deal. However, there’s no doubt it will now be looking to renegotiate its position and, potentially, its takeover price in light of the botched security policies Yahoo! employed back in 2014.

Pictures Courtesy: www.Flickr.com