Yahoo's massive data breach has been all over the news lately. The breach happened back in 2014 but we didn't find out about it until recently. Stolen information could include email addresses, names, telephone numbers, hashed passwords, birthdays and even encrypted or unencrypted security questions and answers.
Originally, Yahoo confirmed that at least 500 million accounts were affected, but the actual number could be up to 3 billion. Now, Yahoo is making more news that could affect millions of its users.
Some former Yahoo employees told Reuters that the company secretly built a custom software program last year. The program was used to scan all Yahoo customers' incoming emails for specific information for U.S. intelligence officials.
Yahoo was complying with a classified U.S. government request that came from either the National Security Agency (NSA) or the FBI. Hundreds of millions of Yahoo Mail accounts were scanned.
This isn't the first case of U.S. intelligence agencies looking at bulk information. Your personal information has been secretly tapped for the National Security Agency by telecommunications companies for years.
However, it's the first known case of a U.S. internet company complying with an intelligence agency request to search all incoming emails. Previous requests applied to stored messages or a small number of accounts in real-time. What information the intelligence officials were after, or what Yahoo handed over, is not known at this time.
Yahoo's custom software program was discovered by its security team shortly after it was installed in 2015. When they discovered it, they thought hackers had broken into their system.
In fact, Yahoo's former Chief Information Security Officer Alex Stamos allegedly resigned over the situation. The former Yahoo employees say Stamos told them he left the company because complying with the intelligence agency's request hurt users' security. He said a programming flaw opened the door for hackers to access stored emails.
It's possible that the intelligence agency made the same request with other internet companies, but Yahoo is the only company reported to comply. Representatives with Google and Microsoft both said their companies had not conducted these email searches.
There are U.S. laws that allow intelligence agencies to ask phone and internet companies for customer data. The information collected is said to be used primarily to help prevent terrorist attacks.
With this new privacy issue coming to light and the recently reported data breach, is it time to rethink having a Yahoo account? Tell us what you think in the comment section. And as always, keep checking in with our Happening Now section for updates.