I’ve often asked myself, “How much harder can Yahoo screw up their Voices (formerly Associated Content) division?” The answer has always been, “Pretty damned hard,” and today was their biggest screw-up of all.
Over 400,000 accounts, emails and passwords, were stolen from Yahoo Voices. A hack like that would not usually upset me because every IT professional knows to store all passwords in an encrypted state. Even if they’re stolen, they’re of no use. But unamazingly Yahoo stored all their user’s passwords in clear text. Encrypting passwords is IT security 101 and Yahoo failed the mid-term exam.
If you have an account with Yahoo Voices, you’ll want to change your password immediately. It wouldn’t hurt to change your email account’s password and your PayPal account’s password, too. In this article from TrustedSec.com is a link to the text file with the compromised data. Whether your account is on the list or not, you should still consider changing your passwords.
Here, I’m supposed to show my shock, surprise, and outrage at Yahoo for letting this hack happen, but honestly, I’m not surprised at all. You would think a big corporation like Yahoo would have the IT resources and know-how to protect their sites from hacks of this sort. If they can’t stop such a hack, to at least have the sensitive data encrypted. Only you would think that because I certainly don’t.
Yahoo is the accidental tourist of the internet. They wonder aimlessly around the web and occasionally stumble into some money. They have no strategic vision. They have forgotten their core business. They make money by buying and selling lines of business, not by nurturing and growing markets. Yahoo Voices is just one, prime example.
Yahoo found an attractive, little start-up called Associated Content (AC). AC was all about creating web content. It was promoted as a site where anyone from the budding writer to the experienced author could write an article and AC would share the advertising revenue with the contributor. It was a solid business model. To make it work, one need only to give some guidance to the writers, show them their due respect, and share enough of the profits to keep the writers writing more content. All of which AC did for 5 years with some success. Then along came Yahoo.
Yahoo saw the AC platform as a content generator for its other myriad sites. Unfortunately, as with most Yahoo acquisitions, Yahoo couldn’t figure out how to integrate AC, now renamed Voices, into its business model. They reduced the membership to cost line-items on a balance sheet. They painted the employees as overhead and promptly fired a large chunk of the staff. Instead of nurturing Voices as the content-generator they needed for their other sites, Yahoo put the purchase price in one column and the rest of the business in the other column. Then they tried to do whatever was expedient to make Voices profitable within the those confines. They couldn’t easily calculate the value of the content within the broader context of Yahoo’s huge web presence, so they didn’t try.
As so many times before, Yahoo was its own worst enemy. As content purchase offers fell, writers abandoned the site in droves. With only inexperienced staff left after the layoffs, there was no guidance they could give the writers who remained. What little guidance that was offered usually contradicted long-held standards or countermanded other staff’s requests. The only thing Yahoo nurtured was discontent among the writer/members. Yahoo thought they could replace the more expensive, more mature writers with less experienced, novice writers. As so often is the case, Yahoo got exactly what they were willing to pay for.
And while all this was going on, Yahoo paid no attention to beefing up the site’s security. Did they bring experienced IT professionals over from other Yahoo lines to augment the tiny IT staff that come with AC? No. They treated the IT staff like any other expense and handed out pink slips to some of them, too. Those who remained were tasked with integrating the servers into the behemoth that is Yahoo and security suffered. It suffered to the point where we are today with over 400,000 user credentials stolen.
I mean, really, Yahoo, who stores passwords in the clear? Whatdafuq?