Monday, April 3, 2017

Yahoo: Data breach leads to 500 million accounts hacked (2016)

Yahoo's main headquarters in Sunnyvale, CA
Since 1997, Yahoo has been an email provider that millions of Americans have trusted. With competition between Gmail and AOL Email, Yahoo’s extensive features, reliability and security are what made it a top contender. On September 22, 2016, Yahoo released a statement claiming that at least 500 million personal user accounts were confirmed hacked. Yahoo speculated that the massive data breach had taken place in 2014, and was carried out by a single third-party. Among the accounts hacked, personal information such as real names, email addresses, telephone numbers, date of births, security questions and account passwords were all compromised (Snider). This information would be enough for the hacker to carry out identity theft crimes against people in the future. While data breaches occur quite often, the magnitude of user accounts hacked deemed this breach the largest ever of its kind. Beginning in September of 2014, thousands of account users had received notification emails from Yahoo claiming that a suspicious party had attempted to sign into their account. Hundreds of Yahoo users spoke out after Yahoo released information on the breach, claiming to have received similar notifications about a possible hack beginning in late 2014. Ironically, in the statement released by Yahoo on September 22, 2016, the company believed that the breach had occurred in 2014, the same year that these frequent user notifications started to appear. When the statement was released by Yahoo, a massive controversy arose over why Yahoo did not publicly announce the possibility of a data breach sooner. Especially since the flurry of suspicious logins began around the same time frame.


When observing the consequences of Yahoo’s data breach scandal, one of the largest group of stakeholders affected would be the consumers. With millions of consumer’s personal information being compromised and potentially put at risk to identity theft, the satisfaction of such users would be expected to decline. While users of Yahoo’s internet media are a major part of the company’s stakeholders, the company’s employees are especially important. If Yahoo struggles to improve from this scandal, employee jobs may be at risk. Employees such as CEO’s, managers and executive employees may see salary cuts due to a decrease in revenue. In addition, other internet media companies such as Microsoft, Google and AOL could be affected by Yahoo’s actions. If consumers grow a lack of trust in the safety of their information online, user activity could drop throughout multiple other mass media companies.
Marissa Mayer, CEO of Yahoo
According to Milton Friedman, individualism highlights a persons’ obligation to maximize profit for the owners and stockholders of a company. Postponing the release of information about a breach was an action that an individualist would see as ethical. By not promptly notifying consumers of a known breach, the company was able to keep users engaged with Yahoo’s website. Therefore, keeping a steady profit for all stakeholders of the company at the time, while staying within constraints of the law. From the time the breach was said to have occurred (September 2014), to the time Yahoo publicly announced the event (September 2016), stock prices increased from roughly $40 a share to $43. This steady stock price shows an individualist that Yahoo's actions maximized profit for stockholders and owners. If Yahoo released information about the breach right away, user engagement would have dropped immediately. This is because consumers would be more cautious in trusting a database that fell victim to a hack. From there, the revenue of the company would see a linear decline, and not fulfill the individualist goal of maximized profit.


Utilitarianism underscores the importance of maximizing happiness in not just yourself, but for all parties involved within a business action. A utilitarian would view Yahoo’s case an unethical because of the company’s lack of consideration for all stakeholders impacted. Rather than being headstrong over maintaining a steady profit, Yahoo should have been more concerned with the future safety of personal accounts and their information. Instead of revamping security and releasing formal notifications of the event to protect consumers, especially those who fell victim to such a breach, Yahoo continued to mislead users by not taking any of these actions. They were only concerned with keeping their stockholders happy, and not the safety and happiness of their consumers as well. By not demonstrating any behavior that seeks to maximize happiness for all beings involved, a utilitarian would find this case unethical.


Formal notifications Yahoo released in September 2016
When a case is being observed using Kantianism, a Kantian will look at the rationality of all parties involved. Kantians follow the strict ethical rule that people should respect the choices that others make, and honor their reasoning behind them. When Yahoo failed to inform their consumers about their accounts being hacked, they were not following the rules of Kantianism. In holding out on releasing information, consumers were not able to make proper decision about the future safety of their personal information. This manipulation of rationality is what Kantianism is against. Consumers were tricked into trusting a company that hid information from them. This put consumers at risk for future identity theft, and hacked accounts on other media websites. In the Categorical Imperative, The Formula of Humanity is a guideline that Kantianism uses to determine if an action made is ethically right. It states that “it is wrong to use people as a mere means to get what you want” (Salazar 22). Yahoo’s primary focus was to continue making money, and they were willing to do whatever it would take to continue doing so. Unfortunately, this meant that the company used their customers trust as a way to get what they wanted. Yahoo’s behavior is highly unethical in the eyes of an individualist, and lacks immense respect towards their consumers.

Virtue Theory
Virtue theorists highlight the importance of a strong character and virtues throughout a company's actions. In order to achieve good character, a company must present certain virtues such as courage, honesty, temperance and justice. The actions of Yahoo would be deemed unethical due to the company's lack of two main virtues. Yahoo’s honesty with their consumers was non-existent throughout the entire case. They mistreated their consumers by relaying misleading information, and refusing to tell anyone the truth. As a result, a lack of honesty severely impacted the reputation and credibility of Yahoo with its consumers. Another big virtue that Yahoo lacked was courage. When faced with the dilemma of a data breach, Yahoo did act in a courageous manner when it came to fixing the problem. Rather than having the fortitude to come forward and tell the public about the event, they presented character traits of cowardice. Yahoo decided to cover up their mess, rather than facing the challenge of doing what was ethically right. If the company had displayed the courage to promptly notify the public and admit wrongdoing, then they may have been able to secure trust with more consumers.

FBI executive director, Paul Abbate addressing
media about the breach
Justified Ethics Evaluation
I personally believe that Yahoo's actions were very unethical. When looking at the big picture, I think one thing Yahoo lacked the most was respect for their consumers. Yahoo's consumers had full trust in the company to keep their personal information secure and safe. The company owed it to their users to honor this trust, and provide the service that the public anticipated. Instead, the company did the complete opposite and put millions of individuals at risk for future identity theft. This shows that Yahoo did have full respect for their consumers. Therefore, by mistreating consumers and abusing the trust consumers have in a company, I consider Yahoo to be unethical.

Fiegerman, Seth, Cristina Alesci, and Charles Riley. "Verizon Is Buying Yahoo for $4.8 Billion." CNNMoney. Cable News Network, 25 July 2016. Web. 30 Jan. 2017.

Fiegerman, Seth. "Yahoo Says 500 Million Accounts Stolen." CNN Money. Cable News Network, 23 Sept. 2016. Web. 30 Jan. 2017.

Gole, Vindu, and Nicole Perlroth. "Yahoo Says 1 Billion User Accounts Were Hacked." New York Times Technology. New York Times, 14 Dec. 2016. Web. 30 Jan. 2017.

Snider, Mike, and Elizabeth Weise. "500 Million Yahoo Accounts Breached." USA Today. Gannett Satellite Information Network, 22 Sept. 2016. Web. 30 Jan. 2017.

Weinberger, Matt. "IT HAPPENED AGAIN: Yahoo Says 1 Billion User Accounts Stolen in What Could Be Biggest Hack Ever." Business Insider Enterprise. Business Insider, 14 Dec. 2016. Web. 30 Jan. 2017. <>.

"YAHOO Historical Stock Prices." Yahoo Finance. Yahoo!, n.d. Web. 30 Jan. 2017.

DesJardins, Joseph R. An Introduction to Business Ethics. New York, NY: McGraw-Hill Higher Education, 2009. Print.

Salazar, Heather. "The Business Ethics Case Manual: The Authoritative Step-by-Step Guide to Understanding and Improving the Ethics of Any Business" The Case Manual (n.d.):n. pag. Web

No comments:

Post a Comment