In this blog I would like to react to a current topic, namely the Yahoo data breach that happened last Thursday. Yahoo, one of the oldest free e-mail providers in the USA, is one of the busiest websites on the Internet, with one billion users each month. At the moment, not much is known about the breach; nevertheless, a crucial announcement has been made stating that it was a state-sponsored hack. Among the stolen data is a lot of user information, such as encrypted passwords and security questions. Apparently, this is not the first time Yahoo has lost its users' private information. Already in 2012 Yahoo lost more than 400,000 passwords of Yahoo Voice. And according to Forbes, Yahoo has been a target for these types of breaches since 2014. However, this breach is assumed to be record-breaking.
In my opinion, so far, most news articles covering this story view the situation from a business perspective. Currently, Yahoo is being acquired by Verizon Communications for an amount of over 4.8 billion US dollars, which is of course an enormous business transaction with consequences of its own. The more personal perspective, addressing the consequences for users, has not been strongly represented over the last couple of days: questions such as, what does this say about our privacy? More importantly, it makes me question whether the e-mail provider that I am using, Gmail, is one that can be targeted as well. Is my personal data safe? And is there much difference in protection between the various network providers? Of course, more research could be conducted into this, but this can absolutely be considered a case presenting the network-value-versus-information-privacy-concerns dilemma, where users make trade-offs between the value that Yahoo gives them and the concerns related to disclosing their private information. It is important to note that this breach confirms that the negative network externality has a larger impact on the user than just at the Yahoo level. The breach will affect users' financial data at banks, social media profiles, and more.
I would like to end by asking the following question: how are breaches with these consequences possible in a world where we value privacy so much?
Li, T., and Pavlou, P. 2016. What Drives Users’ Website Registration? The Network Externalities versus Information Privacy Dilemma.
http://nos.nl/artikel/2133928-yahoo-slachtoffer-van-mega-datalek-500-miljoen-accounts-gestolen.html
http://www.forbes.com/sites/thomasbrewster/2016/09/22/yahoo-500-million-hacked-by-nation-state/#bca36014178d
Hi Bernice, interesting topic! While the scale of this particular data breach is considerable, we should not forget that breaches like this happen quite frequently, although they tend to be less picked up by the media. InformationIsBeautiful has a great graph on it: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/.
As for privacy concerns with your own e-mail provider, you may also ask yourself how you feel about all the information Google and all the websites that you visit have on you. Everything you look at, click on, search for, etc. is kept track of, and many of these features are taken advantage of through tools like Google Analytics and Hotjar. While this form of data may seem less sensitive than your personal emails, the insights that can be gained through this kind of data are still remarkable. A good example of this is Target, which based on purchasing patterns of things like unscented body lotion and supplements, is able to predict women’s likelihood of pregnancy and estimated due dates (1).
Also, you say that we highly value our privacy. Indeed, when people are asked about it, they will say that their privacy is of utmost importance to them. However, it has been shown that people's actions tell a very different story. This is what's often referred to as the privacy paradox. For instance, we put vast amounts of personal data on social media and use the same password over and over, which security experts continuously warn about.
Lastly, it should be noted that virtually everything connected to the internet can be hacked (to some extent). If we were so concerned about our privacy, we would therefore be very careful with the growing trend of Internet of Things devices, which is not the case (feel free to have a look at this article on the IoT and smart homes: https://digitalstrategy.rsm.nl//2016/09/26/when-your-home-knows-too-much-smart-homes-hackers/).
1 http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/#74bfe57834c6
Thanks Andrea for your comment, the InformationIsBeautiful graph is interesting!! Moreover, I would like to provide a short update, as I read a related news article on this topic last Thursday (http://nos.nl/artikel/2138691-yahoo-vraagt-fbi-duidelijkheid-over-scannen-miljoenen-mails.html).
The assumption that this hack was a state-sponsored hack is still being made, and is becoming more serious as well. This absolutely scares me and, I assume, other Internet users, as the incentive is not from companies in order to gain more customer knowledge etc. However, states do this!! I think as governmental organizations get involved the privacy concerns grow even more…