Home / Technology / Tech Tip: Still Waiting to Hear From Yahoo

Tech Tip: Still Waiting to Hear From Yahoo

Q. I have a Yahoo account. I have changed the password and taken other recommended security steps but I have yet to hear from Yahoo. Does the company have any obligation to inform its users of the breach? Shouldn’t Yahoo have been the first to send out information instead of letting us find out about the hacking from the news?

A. When Yahoo posted online statements to its users and investors on Sept. 22 announcing the 2014 security breach that compromised 500 million accounts, the company said it had begun to notify potentially affected users by email that morning. If you did not receive such a message, there could be a number of reasons: It might have been blocked by a filter or accidentally deleted, or you may not have been included on the email list. But as the experts advise, just assume that your personal information was stolen.


To log into your account through a web browser with Yahoo Account Key, click the button in the log-in box, shown on the left, to get the sign-in option on your phone through Flickr or another app, right. Credit The New York Times

The contents of the security breach message and a set of frequently asked questions can be found on Yahoo’s site at yahoo.com/security-update. On the page, the company also suggests switching from a traditional password to the Yahoo Account Key, a user authentication tool that lets you sign in with a smartphone running Android or iOS.

Yahoo’s notice to users referred to a continuing investigation, which may have slowed the company’s disclosure, but there could be legal consequences for the delay. Along with multiple lawsuits brought by Yahoo users over the company’s security practices, Senator Mark R. Warner, Democrat of Virginia, has called for an investigation into Yahoo’s failure to immediately inform its users of the situation.

Six other senators sent a letter to Marissa Mayer, Yahoo’s chief executive, on Sept. 27, calling the delayed announcement “unacceptable” and asking for more information about “how Yahoo intends to safeguard data and protect its users, both now and in the future.”

Security-breach notification laws exist in 47 states already. More legislation is pending.

Continue reading the main story

NYT > Technology

Leave a Reply

Your email address will not be published. Required fields are marked *