Yahoo is having quite the rough patch. It was recently reported that Yahoo had a data breach from 2014 that affected 500 million users. However, later we found that number could be up to 3 billion.
To make matters for Yahoo worse, we told you that in 2015 the tech giant was complying with the U.S. government to spy on all incoming emails. We are now finding out that the email scanning incident was even worse than we originally thought.
We learned last week that some former Yahoo employees told Reuters that the company secretly built a custom software program last year. The program was used to scan all Yahoo customers' incoming emails for specific information for U.S. intelligence officials.
Yahoo was complying with a classified U.S. government request that came from either the National Security Agency (NSA) or the FBI. Hundreds of millions of Yahoo Mail accounts were scanned.
The program was initially thought of as a modification of a simple scanning tool that searches for spam, malware or child pornography.
Now, anonymous sources told Motherboard that the custom software program was actually worse. It is similar to a piece of malware called a 'rootkit,' a poorly programmed rootkit, at that. Rootkits lay hidden within a computer and give hackers complete access to it.
Yahoo's email scanning program was discovered by its security team shortly after it was installed in 2015. When they discovered it, they thought hackers had broken into their system. According to the anonymous source, the tool was not even a slight modification of the scanning software, it looked like software that Yahoo's own security team wouldn't even install.
As the ex-Yahoo employee told Motherboard,
"It definitely contained something that did not look like anything Yahoo mail would have installed. This backdoor was installed in a way that endangered all of Yahoo users."
Yahoo's former Chief Information Security Officer Alex Stamos allegedly resigned over the situation. The former Yahoo employees say Stamos told them he left the company because complying with the intelligence agency's request hurt users' security. He said a programming flaw opened the door for hackers to access stored emails.
With all of Yahoo's recent troubles, it might be a good idea to delete your account if you still have one. Read our story detailing how to delete your Yahoo account if you need help.