
Bill Bennett


Throw Yahoo mail overboard now

Yahoo can’t do anything right with email. It can’t do anything right by its customers. The web company’s Yahoo Mail has also been a nightmare for partners like Spark NZ.

The sooner Yahoo wraps up and stops trading the better for everyone.

If you haven’t already severed your ties with Yahoo, stop reading this, go to the site and close your account now.

Divorcing Yahoo may be tricky. If you have an old Spark Xtra email account, the page where you close your Yahoo account asks you to ring a Spark support hotline. Do it anyway.

If you had a Yahoo account in the past, go and check it is dead. You don’t want it to come back from beyond the grave and haunt you.

Yahoo mail hacked… again

Last month Yahoo told the world that criminals had stolen data on 500 million users. The stash includes mail addresses and telephone numbers. There are dates of birth, encrypted passwords and security questions.

That’s bad, but to compound matters Yahoo failed to act in good faith. It only told customers their data was stolen after the press had the story.

If that wasn’t enough, details emerged today that Yahoo is scanning hundreds of millions of mail messages on behalf of US intelligence or law enforcement agencies.


Both the hack and the capitulation to US government snoops are massive breaches of trust. They are not the only problems with Yahoo mail, but they dwarf everything else.

While the crooks didn’t get credit card data in the attack, they had access to enough information to link users to bank accounts. The crooks could read mail messages. That way they could learn sensitive personal data about Yahoo users. It includes the kind of information that can hurt people and the kind of information that can cost money.

Two years

It took Yahoo two years to tell its customers about the attack.

When thieves get hold of personal data, people need to move fast to protect themselves, their online identities and their secrets. For two years Yahoo left its customers vulnerable.

Yahoo is not the only company to take years to report a serious security breach. LinkedIn didn’t disclose a major data theft for four years. It took MySpace (kids, ask your parents about that name) three years to go public after a similar event.

It is possible these companies were not aware of the breaches. Or perhaps they were not aware how serious the data thefts were before they were public. After all, the average time it takes for an attacked company to know its online security defences have been compromised runs to around six months.

But Yahoo didn’t admit to anything until the story was already in the media.

Immoral if not illegal

Yahoo scanning users’ mail messages on behalf of the US government was almost certainly illegal. It’s one thing to snoop on US citizens, but to let US spooks poke their noses into innocent non-citizens’ business is playing with fire.

It’s unpleasant, outrageous and immoral. But there’s something far worse at stake here. If US government snoops have a backdoor into the Yahoo mail system, there’s a good chance other state intelligence services — unfriendly ones — also have access. And that means criminal gangs have access too.

The big question is this: if the US government leant on Yahoo to give it customer mail, has it done the same with other mail providers? Are American spooks peering through your Facebook, Gmail, Microsoft Outlook.com mail or Apple Mail while you are reading this?

And does that bother you?




6 thoughts on “Throw Yahoo mail overboard now”

  1. Much as I support Spark in other areas (they’re a big company that everyone likes to bag, but they do pretty well for the bulk of their customers, despite being a media hit target), however I think Yahoo is their biggest customer failing as regards duty of care.

    In the last few years there have been a number of confidentiality breaches/hacks of the Yahoo!Xtra customer database, none of which have ever been adequately explained.

    Spark should have given notice to Yahoo after the first breach – and certainly, after the second they should have been doing what they are finally doing now.

    I have no opinion on the selected new provider – I have never heard of them. But I certainly hope they have their act together and that they do their data migration to the very highest standard.

      1. At that time I was contracting at Spark – many staff were of exactly the same opinion.

        I even made a suggestion to migrate to Gmail (with Google Drive as an included feature for a cost of about $1 a week per customer, I couldn’t see a downside for the customer).

        And here we are now….

  2. It’s one thing to snoop on US citizens, but to let US spooks poke their noses into innocent non-citizens’ business is playing with fire.

    The reality is almost the complete reverse. American citizens have some constitutional protections left but foreigners don’t.

  3. That’s true. But here I wasn’t thinking so much of the legal angle as the business angle. If sensible people living outside the US assume a service like Yahoo Mail is collecting data on behalf of the US government, they simply won’t use it. For a business with global ambition that’s a disaster.

