Tag Archive for Yahoo

| May 4, 2021
Comments Off on Web Pioneers AOL and Yahoo Liquidated by Verizon

Web Pioneers AOL and Yahoo Liquidated by Verizon

Web Pioneers AOL and Yahoo Liquidated by VerizonWeb pioneers AOL and Yahoo have been sold. Verizon sold the two early Internet powerhouses to the private equity firm Apollo Global Management. For these once tech titans, the deal represents a failure to adapt and thrive as the internet evolved. A history of missteps and bad timing leads both AOL and Yahoo to be sold for 10% of their peak values

America Online

AOL, founded in 1991 as a BBS for Commodore 64 computers, went public in 1992. Estimates put AOL’s value at $226 billion by 2001. Over 35 million users accessed the Internet via AOL. The firm had a history of preventing users from canceling their subscriptions. In 2001 America Online bought Time Warner for $182 billion in cash and stock. The move buried the company in debt just before the dotcom bubble burst and the rise of broadband made AOL’s dial-up services virtually obsolete. AOL languished until Verizon bought the property in 2015 

Yahoo

Yahoo (YHOO), founded in 1994 had 3 billion users at its peak. It had total revenue of over $1.8 billion at its peak in 2008. Yahoo has a history of misses as well. In 1999 it spent nearly $10 billion to buy GeoCities and Broadcast.com, both of which the company eventually shut down. It spent $1.1 billion on Tumblr in 2013 and sold it for less than $3 million in 2019. The Internet pioneer rejected a $44.6 billion takeover offer from Microsoft in 2008, only to sell to Verizon for 10% of that value less than ten years later. Yahoo has the dubious honor of enabling the largest know data breach – leaking all 3 billion accounts. Verizon bought Yahoo in 2017 for $4.5 billion.

Verizon (VZ) sold the Verizon Media group for $4.25 billion in cash and a 10% stake in the new company. The former internet empires will be rebranded “Yahoo,” according to the announcement. Verizon said they expect the sale to close in the second half of 2021. The sale includes online news outlets TechCrunch, Yahoo Finance, and Engadget.

Verizon is cutting its losses

The deal values the former powerhouse businesses at significantly lower prices than Verizon paid just a few years ago.

David Sambur, co-head of private equity at Apollo, said in a statement that touted the company’s strong recent recovery from last year’s lows in CEO-speak;

We are big believers in the growth prospects of Yahoo and the macro tailwinds driving growth in digital media, advertising technology, and consumer internet platforms.

The deal is Verizon’s latest step toward exiting the media market. Verizon sold HuffPost to BuzzFeed last year. it also shut down other popular properties including Yahoo Answers.

rb-

Call me cynical, but what happens to the few remaining staff? The PE playbook says to remove assets and pump in debt to either spin out the remains in an IPO or go bankrupt and write off the debt in a fire sale. Meanwhile, Verizon Media CEO Guru Gowrappan gets to keep his CEO position at the new Yahoo.

Hopefully, Verizon will focus on its core wireless networks business and other internet provider businesses. Opensignal reports that 5G connections are still rare for U.S. consumers. They found that users connected to mmWave 5G less than 1% of the time. Verizon was the “best” for a time connected – a whopping 0.8%, compared to 0.5% for both AT&T and T-Mobile users. 

Yahoo and AOL were early tech titans as the consumer internet formed, but have now fallen into the hands of private equity.

Stay safe out there!

Related article

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , ,
| January 5, 2019
Comments Off on Marriott Data Breach One Of Biggest Ever

Marriott Data Breach One Of Biggest Ever

Updated July 17, 2019 – The Brits slapped Marriott with a £99m ($124m) fine for “infringements of the GDPR.” The Information Commissioner’s Office said that Marriott failed to undertake sufficient due diligence when it bought Starwood, and should also have done more to secure its systems prior to the data breach.

___

Marriott Data Breach One Of Biggest EverThe internet is a dangerous place for data. Hotel chain Marriott (MAR) proved that once again. Marriott revealed that hackers stole personal information from 500 million Starwood Preferred Guest program participants. The data stolen in the data breach included sensitive personally identifiable information (PII).

Marriott

Marriott said it got an alert on September 8, 2018, about an attempt to access the Starwood database and enlisted security experts to assess the situation. During the investigation, Marriott claims to have discovered that the unauthorized access to the Starwood network started in 2014.

Investigators found that an unauthorized party had copied and encrypted information from the database and had taken steps toward removing it. The company was able to decrypt the information on November 19, 2018, and found that the contents were from the Starwood guest reservation database. The hotel chain then waited until November 30, 2018, to tell its customers of the data theft.

What was lost on the data breach

personally identifiable informationFor about 327 million Marriott customers, the compromised information includes some combination of name, address, phone number, email address, passport number, Starwood Preferred Guest (‘SPG’) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Marriott added that the data breach included payment card information. About 170 million impacted Marriott customers only had their names and basic information like address or email address stolen.

Marriott says that about 20.3 million encrypted passport numbers and approximately 8.6 million encrypted payment cards were compromised in the breach.

Chinese hackers Several sources report that state-sponsored Chinese hackers working for the intelligence services and the military were behind the attack. The stolen data would be an espionage bonanza for government hackers. Sources point out that the Starwood attacks began in 2014, shortly after the attack on the U.S. government’s Office of Personnel Management (OPM) compromised sensitive data on tens of millions of employees, including application forms for security clearances.

Sadly, the 500 million records Marriott hack only ranks as the third-largest known data breach to date. This list of fails illustrates, no matter what you’re doing online every time you put your information on the internet, you risk it being stolen.

RankCompanyAccounts HackedDate of Hack
1Yahoo3 BillionAugust 2013
2River City Media1.3 BillionMay 2017
3Aadhaar1.1 BillionJanuary 2018
4Marriott500 Million2014 - 2018
5Yahoo500 MillionLate 2014
6Adult Friend Finder412 MiltonOctober 2016
7MySpace360 MillionMay 2016
8Exactis340 MillionJune 2018
9Twitter330 MillionMay 2018
10Experian200 MillionMarch 2012
11Deep Root Analytics198 MillionJune 2017
12Adobe152 MillionOctober 2013
13Under Armor150 MillionFebruary 2018
14Equifax145.5 MillionJuly 2017
15Ebay145 MillionMay 2014
16Heartland Payment Systems134 MillionMay 2008`
17Alteryx123 MillionDecember 2017
18Nametests120 MillionJune 2018
19LinkedIn117 MillionJune 2012
20Target110 MillionNovember 2013
21Quora100 millionNovember 2018
22VK100 MillionDecember 2018
23Firebase100 MillionJune 2018

rb-

There is something else fishy here. Reports claim that the data was encrypted using AES-128 but not all the stolen data. Attackers were able to steal nearly 20 million passport numbers, and 8.6 million encrypted payment cards.

Marriott says that the attackers were able to gain access to 5.25 million unencrypted passport numbers and 2,000 unencrypted payment card numbers.

I’m sure that regulators (GDPR) and lawyers will ask why unencrypted sensitive info like passports and credit card numbers lying around waiting to be stolen?

 

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , ,
| July 7, 2018
Comments Off on RIP Yahoo Messenger

RIP Yahoo Messenger

Do yRIP Yahoo Messengerou remember Yahoo Messenger? It was popular in the late ’90s and early 2000s when there were only two messengers to communicate with your friends and family. Well … the remnants of Yahoo nee Verizon recently announced the end of Yahoo Messenger. Verizon (VZ)/Yahoo announced that they will disable the Yahoo Messenger service after July 17th, 2018. (rb- yes Yahoo Messenger was still a thing – in the face of Apple‘s (AAPL) FaceTime, Telegram, Snapchat, and Facebook‘s (FB) WhatsApp).

According to the Oath website, YIM had 122.6 million users at its peak. In the FAQ announcing the shutdown, Yahoo said, “We know we have many loyal fans who have used Yahoo Messenger since its beginning  … As the communications landscape continues to change over, we’re focusing on building and introducing new, exciting communications tools that better fit consumer needs.” If you’re looking for a Messenger replacement from Yahoo, they recommend Squirrel, which is in closed beta and by invite only. But why?

YIM leaves a dubious security legacy, as all “free” web products do. In 2007 there were reports that up to 75%  of the users in Yahoo Messenger were SPAMBots. In 2010 all Yahoo systems and customer email accounts were hacked by the Chinese military in “Operation Aurora.” In Operation Aurora the Chinese also attacked Adobe (ADBE)Dow Chemical, Google (GOOG) Juniper Networks (JNPR)Morgan Stanley, Northrop Grumman (NOC)Rackspace (RAX), and Symantec (SYMC).

In 2014 The Guardian reported that The British intelligence agency Government Communications Headquarters (GCHQ)’s secret mass surveillance program Optic Nerve and National Security Agency (NSA) were indiscriminately collecting still images from Yahoo webcam streams from millions of mostly innocent Yahoo webcam users, among other things creating a database for facial recognition for future use. Optic Nerve takes a still image from the webcam stream every 5 minutes. Also in 2014 Yahoo was also hit by a hack that affected around 500 million people.

mass surveillanceIn September 2016, The New York Times reported that Yahoo’s security team, had pressed for Yahoo to adopt end-to-end encryption sometime between 2014 and 2015, but senior leadership resisted, “…because it would have hurt Yahoo’s ability to index and search message data.”

In 2017 Yahoo announced that all of its customer’s accounts were compromised. Allegedly Yahoo did not detect the full extent of the 2013 hack until  4 years later. In 2017, Yahoo announced that all 3 billion accounts were compromised.

YouYahoo can download your chat history for the next 6 months at this download request site. Yahoo will email your chats to you. If you have anything you want to save from Yahoo Messenger, it’s a good idea to get a copy, because users will be unable to sign in to the service after July 17th.

rb-

YIM is not the first long-standing chat app to shut down – AOL Instant Messenger shut down December 15, 2017. But Yahoo Messenger was one of the few old-school messaging services left.

Related article

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
| February 4, 2017
Comments Off on State of Michigan Data Breach

State of Michigan Data Breach

State of Michigan Data BreachData breaches are no surprise these days. I have covered a number of data breaches here on the Bach Seat here, here, and here. Now the State of Michigan (SOM) has joined the ranks of data leakers like Yahoo, Home Depot, Target, BCBS, and the US government. MLive is reporting that the State of Michigan has spilled the personal data of millions of Michigan citizens. On February 03, 2017, the Michigan Department of Technology Management and Budget (DTMB) announced the Michigan data breach. The breach leaked the Personal information of nearly 20% of Michigan residents who were vulnerable to unauthorized access for four months.

Unemployment Insurance Agency

Unemployment Insurance AgencyThe article reports that in October 2016, a software update to the Michigan Data Automated System (MiDAS) system was used by the state’s Unemployment Insurance Agency (UIA). MiDAS was created by Fast Enterprises of Centennial, CO, and went live in 2012 as part of a modernization of the unemployment benefits and tax system. A flaw allowed employers and human resources firms to get access to names and social security numbers of nearly 1.9 million Michigan residents they were not authorized to view.

The state identified the Michigan data breach on Jan. 30 and fixed it on Jan. 31, 2017. Contracted payroll service providers had unauthorized access to the MiDAS system, according to UIA spokesperson Dave Murray. Anybody working for a company that uses one of those payroll service providers may have had their personal information compromised. DTMB official Caleb Buhs warned, “If you are an employee in Michigan and your company uses a payroll vendor to process payroll, then you can potentially be included.

Impacted by the Michigan data breach

According to a report on MLive, the 31 vendors with unauthorized access to Michigan citizens’ PII included:

  • 7-Eleven
  • Aatrix
  • Accountants World
  • Acrisure
  • ADP
  • Benepay
  • Casper Willson Wilson
  • Computing Resources
  • Connectpay LLC
  • CoStaff National Services Inc
  • Craft Accounting
  • CSS Payroll Inc
  • DTMB
  • DM Payroll
  • Dominion Systems
  • GT Independence
  • Heins Acctg
  • Hewitt Assoc
  • Highpoint Business Services LLC
  • Infiniti HR LLC
  • Julie Lepper Acctg
  • Mercantile Bank
  • My Pay Solutions
  • Nieland & Kosanke PC
  • One Source Virtual
  • Paychex
  • Paycomm Payroll LLC
  • Paycor
  • Paylocity Corp
  • Payroll 1
  • Payroll Tax Mgt
  • Professional Systems
  • Ultimate Software
  • VenSure HR Inc
  • Wayne County Regional
  • Zen Payroll

Data security is a top priority for the state of MichiganDTMB Director and State CIO David Behen stated, “Data security is a top priority for the state of Michigan … We will work with our third-party vendors and our state team to check our processes and procedures to avoid incidents like this in the future.

Recommendations

Here’s what the SOM is recommending those who may have had their PII exposed do:

  1. Call the state hotline at 855-707-8387 between 8 a.m. and 4 p.m. on weekdays to make inquiries about this issue.
  2. Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
  3. Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax, Experian, and TransUnion – for a total of three reports every year. Contact information for the credit bureaus can be found on the Federal Trade Commission.
  4. Take steps to monitor their personally identifiable information and report any suspected instances of identity theft to their local law enforcement.

MiDAS has been in the news before. MiDAS’ “robo-adjudication” feature wrongly flagged at least 20,000 people for unemployment fraud between October 2013 and August 2015. MiDAS would automatically flag a discrepancy and send a message to a seldom-used internal unemployment system. When the victims didn’t respond, the system would automatically find they had committed fraud and issue a 400% fine.

rb-

The way data breach report work is that the originating firm under-estimates the number of records lost by half. So it is possible that the SOM has released nearly 4 million or 38% of all Michiganders personal records.

Michigan State Police Cyber CommandDespite the Michigan State Police Cyber Command being on the job, it is likely that nothing will happen to the perpetrators – nothing ever does. DTMB spokesman Buhs said, “We are learning from this.” I hope so.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , ,
| March 26, 2013
Comments Off on Chinas Internet Giants are Massive

Chinas Internet Giants are Massive

Chinas Internet Giants are MassiveDerrick Harris, writer for GigaOM recently gave us a peek inside China’s Internet giants and their massive scale. The author describes China’s big four internet companies as huge, but not technological innovators like their American counterparts – yet.

China’s Internet market

Great China FirewallThe Chinese Internet market is very, very big despite the Great Firewall that cuts Chinese citizens off from many popular U.S. web services. The article states there are more Chinese netizens than all the citizens of the United States and European Union combined. And they use social media and e-commerce just like the rest of us. The author gives some examples of the scale of the companies providing social media, e-commerce, and information-discovery needs to China’s 1.3 billion people.

TaobaoAlibaba Group

Taobao, the eBay-like e-commerce line of business from Chinese internet giant Alibaba Group, does a lot of business. On a single day — Nov. 11, 2011 — the company did a whopping 19 billion yuan (about $3.05 billion) in sales. According to Alibaba Group CTO and Alibaba Cloud Computing President Wang Jian, the company site surpassed the 1 trillion yuan (about $160 billion) mark for 2012 revenue at the end of November. Alipay, the company’s version of PayPal, handles about 3 billion yuan (about $480 million) in transactions every day.

AlibabaBy comparison, eBay (EBAY) posted $3.4 billion in revenue for the entire third quarter this year. Amazon (AMZN), with which Taobao also competes (although Alibaba also has a business-to-consumer division called Tmall), closed its third quarter with $13.8 billion in revenue. Of course, Taobao and Alipay are just two of Alibaba’s expansive portfolio of services, which includes a troubled partnership with Yahoo (YHOO).

That type of business means Alibaba needs a lot of servers. In a single year not too long ago, Jian told the author, the company bought more servers than it had in the previous five years combined. If you charted Alibaba’s server count now versus five years ago, he added, the previous number would look like zero. How big is its database? Enough to store data for more than 800 million items for sale.

Baidu

Baidu logoThe Chinese search giant is ranked fifth in the Alexa internet rankings, which is evidence of its popularity. All those users, I’m told, result in an annual server growth about equal to the previous three years combined. It is reported that Baidu (BIDU) is planning possibly the world’s largest data center — spanning 120,000 square meters, costing $1.6 billion, housing 100,000 servers (totaling 700,000 CPUs and 3 million cores), and storing 4,000 petabytes of data.

Tencent logoTencent

Sometimes compared with Facebook (FB), Tencent (TCEHY) boasted more than 717 million users for its popular QQ messaging service as of September 2011. That number has surely grown. The company says its highest-ever number of concurrent users was more than 176 million, although there are often tens of millions (if not more than 100 million people) using it at any given time. An individual with some knowledge of the company’s infrastructure told me Tencent adds about 100,000 servers per year.

Weibo

Weibo logoThe Twitter-like platform from internet new-school internet company Sina had more than 400 million users as of April 2012. That’s about twice the number Twitter claims. And the Chinese use Weibo a lot, for everything from micro-blogging to self-publishing. It might actually be a more important tool in China than Twitter is in the United States, sources told the author, because while the government can censor official news outlets, it can’t possibly control the stream of information coming off Weibo. And that will mean even more growth.

Mr. Harris concludes that, despite their sheer scale, Chinese internet companies are, by most accounts, less technologically inclined than their American counterparts. The biggest reason, the author says is that these companies tend to view themselves as traditional businesses and not technology companies. Another factor mentioned is that employees often strive to work up the management ladder not remain career engineers. This inevitably affects R&D budgets, makes companies less willing to take risks, and reduces the pool of employees that really, deeply understand complex systems.

10,000 webscale serversThe blog cites the server situation within China’s big four internet companies. Alibaba’s Jian told the author that although his company is running all white boxes in its data centers now, it had a lot of legacy IBM (IBM) gear in its data centers five years ago. The same thing is reported about Baidu. Tencent, had 10,000 webscale servers fail in six months last year and is considering a move back to traditional boxes.

Open Compute Project

The article speculates that these companies are coming around on innovation beyond just buying more efficient gear. Tencent, Baidu, and Alibaba, for example, are all members of the Facebook-led Open Compute Project for designing webscale hardware. Tencent and Baidu actually created their own rack-design specification, called Project Scorpio, which is being merged into Open Compute’s Open Rack design in 2013. They still don’t build their own servers like Google and Facebook do, preferring instead to push their custom specs on server makers, but many innovative American companies, including eBay, do the same thing.

Open ComputeFacebook VP Frank Frankovsky told PCWorld, “We compete with those guys, but on the infrastructure side, if we can make our infrastructure more efficient, it makes everyone that much better. Where we differentiate our business is in the service we provide to our end users.

That differentiation comes in large part from an incredible investment in research and technology. If they want to be considered thought leaders in their field — and if they want to expand significantly into cloud computing (as Alibaba and Sina clearly want to do) — China’s internet companies will have to start matching their immense scale with demonstrated technology.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , ,
« Older Entries