A Theory on the Yahoo Security Breach and Your Instant Messenger Service

In September of 2016, at least 500 million Yahoo accounts were affected in one of the largest data breaches in history.  My Yahoo account was one of them, although I only used it as a personal dump account for registering on non-essential websites.  Luckily I kept no personal or financial information in any of the emails there.

Most people, including the media, seem to be concerned with how this will affect the Verizon deal acquiring Yahoo.  Indeed, I’m certain Verizon is VERY concerned with it.  But that’s not the interesting thing.  The interesting thing is that Yahoo isn’t talking about HOW the data breach occurred, or if it’s connected with the prior data breach in August that stole 200 million accounts.  Or that the data breach seems to have occurred simultaneously with a rather hastily put together service migration of the well-used Yahoo Instant Messenger (IM) platform.

More importantly and much less publicized, in August of this year Yahoo completely abandoned the venerable and well-documented Yahoo Instant Messenger service, instead offering a dumbed-down, less feature-rich service by the same name.  Most transitions of this scale and magnitude would take months or years for the migration, but this happened very quickly, leaving 3rd party vendors (Pidgin comes to mind) without much recourse for their offerings.  After August 5th, anyone that was still using the legacy Messenger app (or the API) was no longer able to log in or send messages.  You couldn’t even log in…

Yahoo IM is well known to have some security concerns, including the ability to “see” anonymously and remotely if someone is online using it, even in invisible mode.  It also had a very well-liked and well-used archival feature that recorded the entire text conversation for audit purposes.  Many brokers and traders used this platform to buy/sell products and put together deals very quickly.  They loved it.  But the new version does not support this feature (among others), and brokers have been forced to migrate to other platforms like ICE.

So what does all this tell us?  It tells me that there was likely a very serious security flaw in the Yahoo IM protocol, and that it likely had been exploited to gain access to millions of accounts without the users’ knowledge.   Any time a Fortune 500 company abruptly switches out a venerable product and substitutes it with a hastily deployed, inferior product, you can bet your hat that there was something significantly wrong with it.

Meanwhile, Yahoo is hush-hush about it, not even mentioning the curious and spontaneous change to their IM platform that so many have relied upon for years.
