Yahoo refused to cooperate in probe of 1.5bn hacked accounts – German cybersecurity agency

Yahoo refused to cooperate in probe of 1.5bn hacked accounts – German cybersecurity agency
The German Federal Office for Information Security (BSI) has criticized internet giant Yahoo for not helping to investigate security breaches in 2013 and 2014 which compromised sensitive information from more than 1 billion accounts.

Yahoo “clearly failed to adequately protect itself against cyberattacks, as well as to secure its users’ data, as one would expect from an IT company,” BSI President Arne Schoenbohm said in a statement on Thursday.

Last year, Yahoo disclosed a massive data breach of 1 billion accounts in 2013. It came just months after the company revealed that information from 500 million users, including names, telephone numbers, passwords, and birth dates, was compromised in 2014. 

According to the BSI, it reached out to the online giant for information to investigate the cases, yet Yahoo proved to be uncooperative.

Yahoo’s Dublin office “refused to give the BSI any information and referred all questions to the Irish Data Protection Commissioner, without, however, giving it the authority to provide information to the BSI,” the statement added.

The BSI decided to voice its frustration after Yahoo repeatedly failed to respond to attempts to investigate the incidents in order to prevent similar lapses, a BSI spokesman said, according to Reuters.

The German agency has contacted Yahoo for details on the attacks, the extent of the damage and measures taken, but has not received any information on how to deal with such incidents in future because of “Yahoo’s lack of cooperation.”

“Users should therefore be very careful about which services they want to use in the future and to whom they entrust their data," Schoenbohm said, adding that Germans affected by the Yahoo hack should judiciously select which email service providers they use.

He also noted that providers using C5-class cloud service security offer solid protection for customers. 

C5 is the government-backed scheme to ensure that cloud service providers comply with minimum security standard requirements.