Yahoo! data breaches has been listed as one of the Engineering and technology good articles under the good article criteria. If you can improve it further, please do so. If it no longer meets these criteria, you can reassess it. Review: May 29, 2024. (Reviewed version).

Yahoo! data breaches was nominated as a Engineering and technology good article, but it did not meet the good article criteria at the time (March 31, 2024, reviewed version). There are suggestions on the review page for improving the article. If you can improve it, please do; it may then be renominated.

A news item involving Yahoo! data breaches was featured on Wikipedia's Main Page in the In the news section on 23 September 2016.

This article is rated GA-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computer Security: Computing Mid‑importance This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles Mid This article has been rated as Mid-importance on the project's importance scale. This article is supported by WikiProject Computing. Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Crime and Criminal Biography Low‑importance This article is within the scope of WikiProject Crime and Criminal Biography, a collaborative effort to improve the coverage of Crime and Criminal Biography articles on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Crime and Criminal BiographyWikipedia:WikiProject Crime and Criminal BiographyTemplate:WikiProject Crime and Criminal BiographyCrime-related articles Low This article has been rated as Low-importance on the project's importance scale. Databases (inactive) This article is within the scope of WikiProject Databases, a project which is currently considered to be inactive.DatabasesWikipedia:WikiProject DatabasesTemplate:WikiProject DatabasesDatabases articles Internet Mid‑importance This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.InternetWikipedia:WikiProject InternetTemplate:WikiProject InternetInternet articles Mid This article has been rated as Mid-importance on the project's importance scale. Russia Low‑importance This article is within the scope of WikiProject Russia, a WikiProject dedicated to coverage of Russia on Wikipedia. To participate: Feel free to edit the article attached to this page, join up at the project page, or contribute to the project discussion.RussiaWikipedia:WikiProject RussiaTemplate:WikiProject RussiaRussia articles Low This article has been rated as Low-importance on the project's importance scale.

I just wanted to post a quick note of appreciation to the many editors who contributed to this article. Thanks to everyone's efforts it was linked on the Main Page (in WP:ITN) barely a day after creation. Well done. -Ad Orientem (talk) 20:10, 24 September 2016 (UTC)[reply]

I think the last paragraph of the Events section, about other actors having access to Yahoo´s data (meaning PRISM and MUSCULAR programs) is quite misleading as these are a different kind of data breachs. Maybe we could move this to the article´s ending in the "See also" section? Javier Jelovcan (talk) 12:56, 28 September 2016 (UTC)[reply]

@Javier Jelovcan: How are these different kinds of data breaches? It seems that the only two differences are that those programs also breached into the content of email-accounts and not just the account-info (not enough to breach into most yahoo accounts and thereby gain access to the content) and that it wasn't self-reported by Yahoo but instead was disclosed by a whistleblower's leaks. However, while I do think that this information needs to be included in the article I too think that the "Events" section might be a bit inappropriate - it's not really part of the events of this breach. So either the section needs to be renamed (e.g. to "Background" or alike) or a new section needs to be set up.

--Fixuture (talk) 17:09, 30 September 2016 (UTC)[reply]

Just want to agree with Javier that these breaches seem quite separate. As a casual reader, it felt like the article was trying to make a political point. The government breaches probably don't belong in this article. People reading this article are interested in the specific breaches cited in the news recently, not in "every time that Yahoo user data has been compromised". — Preceding unsigned comment added by 2600:1017:B425:8ED4:5D1E:F33C:6EC9:9CCF (talk) 16:44, 2 October 2016 (UTC)[reply]

Well, I happen to agree with the inclusion of the mentions. If a government actor is mentioned, it should be made clear to what extent various such actors are already involved, as part of general context. Samsara 01:40, 4 October 2016 (UTC)[reply]

While the article is named Yahoo! data breach it seems that 2 separate breaches were publicized more or less at the same time:

• one occurred in 2014, encompasses the account info of ~500.000.000 user accounts, with no data being public or sold, is said to be state-sponsored, and is the main subject of most news reports and this article
• the other occurred in 2012, encompasses the account info of ~200.000.000 user accounts, with the data being sold on the TheRealDeal for bitcoins worth less than $2000, could possibly state-sponsored as well with the sale of the data being done with a profit/criminal motive by an individual hacker according to said vendor, and is only mentioned in most news reports and this article

Not sure if those 2 breaches are in any way related (e.g. by motivation, by attacker, by method used in the breach etc.). I'm also not sure whether or not Yahoo has confirmed this breach to date. Maybe they try to damage control by only confirming the larger breach and trying to only imply that the previous breach occurred as well without explicitly confirming it?

So what should be done here?
Should the article be renamed to sth like "Yahoo! data breaches" or "2014 and 2012 Yahoo! data breaches" or "Yahoo! data breaches revealed in 2016"...?
Or should there be a new article for the 2012 breach? (And if so: what about the other social media accounts "Peace_of_mind" is selling? It looks like those sites were breached as well.)
Or nothing at all?

--Fixuture (talk) 17:26, 30 September 2016 (UTC)[reply]

For now, the two breaches should have clearly delineated and headlined sections. Once that's been achieved, it'll be easier to decide whether a split of the article is appropriate or not. Samsara 22:37, 1 October 2016 (UTC)[reply]

The 2012 breach apparently refers to the 2012 LinkedIn hack. ^Falling_Gravity 21:06, 16 December 2016 (UTC)[reply]

There are a number of open questions I'd like to know the answers to if anybody has them (or can help find the answers to; Yahoo should have provided them already or clearer):

• Were the passwords properly salted with a proper (long enough etc) salt per every user?
• What do they mean with "encrypted or unencrypted security questions and answers"? Were they properly encrypted or not? If some weren't: which and how many users are affected?
• How were the minority of passwords hashed that weren't hashed with bcrypt?
• Is the country suspected by Yahoo Russia? Or is it another country (which?)? Or do they have no clue which country it is but only that it was state-sponsored?
• Except of the professionality of the breach are there any other clues that point to a state-sponsored actor?
• Did Yahoo notice any unusual activity such as what one would expect once the data reached criminal hands? (e.g. anything related to mass attempts of gaining access to accounts by answers to security-questions).
• Why didn't Yahoo notify its users of the breaches? Weren't they knowledgable of the hack in 2014 already as "at the time of the 2014 attack, Yahoo executives were said to have concluded that it was linked to Russia, because it was launched from computers in Russia" ( http://www.wsj.com/articles/yahoo-executives-detected-a-hack-tied-to-russia-in-2014-1474666865 )?
• How was the data encrypted? Was it encrypted? If not why?

Note that these open questions may also be included in the article if they were/are not answered.

--Fixuture (talk) 18:06, 30 September 2016 (UTC)[reply]

Strictly speaking, we can't raise questions that aren't raised in reliable sources. If you can't find these questions raised elsewhere, maybe get in touch with Ars Technica, Wired or any similar publication to see if they'll accept an editorial contribution from you. Once that's published, there should be no question that we can cite it. I know it's silly, but that's how the current model works. If you want some help writing such a piece, let me know. HTH, Samsara 22:56, 1 October 2016 (UTC)[reply]

There are reports of some 1 billion odd accounts (New York Times, Wall Street Journal, TechnoBuffalo, and more). This appears to be a different breach than the one the article currently covers. We could either incorporate this into the current article and rename it "Yahoo! data breaches" or move the current article to "2014 Yahoo! data breach" and create a new article 2013 Yahoo! data breach. However, as mentioned above, the current article also covers a 2012 data breach. I guess if this keeps up we'll see a data breach from Yahoo! every year. ^Falling_Gravity 02:41, 15 December 2016 (UTC)[reply]

Given the extent to which reliable sources are reporting on the separate incidents together (focusing on the underlying vulnerabilities and combined impact on the company and on the public), I favor expanding this article and renaming it Yahoo! data breaches. —David Levy 03:34, 15 December 2016 (UTC)[reply]

Since it's believed to be the same "state actors", I'm going ahead and moving it to "Yahoo! data breaches". There still isn't that much info about the new hack in the article yet. ^Falling_Gravity 09:39, 15 December 2016 (UTC)[reply]

A few days ago User:FallingGravity removed the "2012 breach" section, saying that it's about the 2012 LinkedIn hack.

While that's correct the section also contained information on the breach that apparently occurred in 2012. As of right now the "July 2016 discovery" section contains parts of that now-removed section. However there is no section "2012 breach" despite there apparently being a third breach and it's missing much info that was previously found in the removed section such as the motivation of the hackers and the use of the data.

Should parts of it be restored? If so how (should the section be renamed, left as it is or a new section get added)?

--Fixuture (talk) 18:15, 2 January 2017 (UTC)[reply]

No, it should be kept out. The only connection to the 2012 LinkedIn hack is that there is the same black market seller involved in both. It's necessary to name this seller (and his connection to the 2012 hack) because awareness of this data led to the discovery of these larger breaches. The 2016 discovery section properly alludes to the seller's roll in the 2012 hack, but that's all that's needed. --MASEM (t) 18:19, 2 January 2017 (UTC)[reply]

There does not appear to be even the most basic information posted related to this. Breach could mean anything, obviously it's implied credentials to the accounts were gained, but then what was done?

I assume passwords and contact information was downloaded for every account. What about individual emails, did the hackers download every email?

Did they download location information?

Contact Lists?

Calendar Appointments?

Where is the information — Preceding unsigned comment added by 108.29.37.45 (talk) 18:27, 8 February 2020 (UTC)[reply]

This review is transcluded from Talk:Yahoo! data breaches/GA2. The edit link for this section can be used to add comments to the review.

Nominator: Joereddington (talk · contribs) 06:34, 2 April 2024 (UTC)[reply]

Reviewer: Schierbecker (talk · contribs) 18:17, 22 April 2024 (UTC)[reply]

This article appears to still be a little ways off from GA.

• The lede name-drops Karim Baratov in the lede, but doesn't identify his profession or nationality.
  • Fixed. :)
• When did Yahoo contact law enforcement?
  • It's actually not clear they did - their own press release (and their SEC filing) suggests that law enforcement came to them: https://help.yahoo.com/kb/account/SLN27925.html?impressions=true but in general there is a very little information in reliable sources.
• How did Yahoo come to learn about the breaches?
  • Per the above, there's a suggestion that they were informed by law enforcement, there's a suggestion that they found out about it from press asking about account data being available on the dark web, and there's a suggestion in a press release that they were doing their own investigation. I've not been able to find reliable sources that cover it. Their filing at https://web.archive.org/web/20170110014942/https://investor.yahoo.net/secfiling.cfm?filingID=1193125-16-764376&CIK=1011006 says "In late July 2016, a hacker claimed to have obtained certain Yahoo user data. After investigating this claim with the assistance of an outside forensic expert, the Company could not substantiate the hacker’s claim. Following this investigation, the Company intensified an ongoing broader review of the Company’s network and data security, including a review of prior access to the Company’s network by a state-sponsored actor that the Company had identified in late 2014. Based on further investigation with an outside forensic expert, the Company disclosed the Security Incident on September 22, 2016, and began notifying potentially affected users, regulators, and other stakeholders."

• What effects did the 2013 breach have on users/Yahoo? When was this discovered? This breach affected six times as many accounts but there is hardly any information about it. Was it less sensitive in nature?
  • You are right. It's massive and it was broadly ignored (I mean, there was a congressional hearing but it found nothing of substance) I was extremely pleased I was able to find a source positively saying the negative: i.e. that Yahoo had released no information.

• at least two others accessed user account information connected to Belan?
  • Fixed.

• Yahoo also claimed that there was no evidence that the attackers were still in the system Was this proven? Article suggests otherwise.
  • It's a [very specific denial](https://tvtropes.org/pmwiki/pmwiki.php/Main/SuspiciouslySpecificDenial) right? That was Yahoo's claim at the time. The indictment against Belan suggests Belan was operating well past that time, but I opted to show both sources with editorialising.

• From October 2014 to at least November 2016, Belan and at least two others accessed user account information Using the fruits of the 2014 breach?
  • Yes, that is the understanding. I can make this a bit more obvious in the text if you like?

• The filing noted that the company believed the data breach had been conducted through a cookie-based attack The September filing or the November filing?
  • Fixed (The November filing of finances covering the period up to the 30th September) I've also clarified some of the nearby language.

• it was reported that account names and passwords for about 200 million Yahoo accounts were presented for sale on the darknet market site. Which darknet site? Was this related to the 2014 breach? Do we know if anyone purchased them?
  • I'm a little confused by the first bit of the question - the darknet site is 'The Real Deal' but that's already in the text so I might need some clarity. Regarding the other questions: Yahoo hasn't released any information about which breach it might have been related to (or even if it's real), and I don't believe I have any sources covering if it was purchased.

• Did Russia cooperate with the investigation? Was the FSB organization implicated as a whole or was this the work of agents doing unsanctioned work for the FSB on their own initiative (or even moonlighting off the clock for their own personal gain)? Which accounts did the FSB agents target. (edit: Dmitry Dokuchaev was one of those charged. He has a Wikipedia article. He should be mentioned by name. Maybe Igor Anatolyevich Sushchin too.)
  • I've linked both Igor_Sechin and Dmitry Dokuchaev. Sadly I don't have any sources from the FSB about how they feel. We have some light information about the FSB agents targeting 'people of interest to the regime' but nothing that really produces content (and I think it would be a magnet for some fringe contributions)

 On hold pending improvements. Schierbecker (talk) 18:17, 22 April 2024 (UTC)[reply]

Wonderful! Thank you so much for your review. I'll pop back shortly to do proper replies/fixes - I suspect that the answer to some of your questions is "Yahoo refuses to give any information about this and thus there are no relable sources one way or the other", but I can make some changes on the basis of this :) Joe (talk) 12:04, 23 April 2024 (UTC)[reply]

Right, I've fixed an array of things and replied to all comments. Apologies for how many of the answers are "There isn't really a source for that" I did do quite a bit of digging... Joe (talk) 18:49, 24 April 2024 (UTC)[reply]

Hi, can I check in and see what's left to do? I'm aware that the clock is ticking and I don't want to miss out on the GA because I forgot to response to a particular comment :) Joe (talk) 06:42, 27 April 2024 (UTC)[reply]

It appears that Igor Sushchin is linked to the wrong guy. Will take a look tomorrow. Schierbecker (talk) 07:22, 27 April 2024 (UTC)[reply]

Definately the wrong guy (his age is about ten years different on the indictment compared to the wiki article) Joe (talk) 19:10, 30 April 2024 (UTC)[reply]

• Russia denies responsibility

I've used this source now :)

• More details

I've used this source now :)

• p. 1262. Also mention Stamos.

I found a paragraph I'd removed previously and resurrected it (with your excellent source above)

• Alexey Belan linked twice. Also who is he? Give a brief background. How did he escape prosecution? Where is he believed to be? Did the U.S. request his extradition? WP:BLPCRIME applies. Make sure that all unproven allegations are presented as such.

So I'm a little nervous here. On the one hand I don't want to add much content for exactly BLPCRIME reasons - all that we actually know is that he's been accused. The other problem is that Belan's own Wikipedia article is magnificently low on content. We could say that he was last known to be in Krasnodar Russia (per https://www.fbi.gov/wanted/cyber/alexsey-belan) but the major issue there is that page is showing signs of having barely been updated since before the breach... Is this in one of the GA criteria or is this more of a 'nice to have' thing? Joe (talk) 11:10, 1 May 2024 (UTC)[reply]

I guess we don't know for sure that he fled? Just that his last known location was in Russia? You could say that. Just make sure to attribute this to the FBI. Use Internet Archive to lock down when the FBI said this. Schierbecker (talk) 15:38, 1 May 2024 (UTC)[reply]

• When was the August 2013 breach disclosed?

Fixed :)

• Images should be left at the default size per WP:THUMBSIZE.

I think this is done, I'm not sure. :)

• Use MOS:DATECOMMA. This article is specific to the U.S., therefore it is obvious we are dealing with U.S. currency. MOS:$.

Done :)

• [[tq|Judge Koh rejected the settlement offer,)) Need his first name. In this case I don't think his name is important, so it can just be removed.

Done :)

Schierbecker (talk) 20:57, 30 April 2024 (UTC)[reply]

• Former CEO Marissa Mayer Should say "Former CEO Marissa Mayer, who was CEO at the time of the breach"

Done :)

• Still one MOS:$ issues

Found! :)

• Heading should be in sentence case per MOS:HEAD

Done :)

• wl Article 29 Data Protection Working Party. Unquote, as it is a proper name. Wl names in image captions. It's not considered overlink. Briefly describe each individual and their relevance to the matter in the captions.

Done :)

• His memoir, written after his release, Try "His memoir published in YEAR".

Done :)

• Did Yahoo lose users over this? They had somewhat of an IBM-esque mojo about them: They were bleeding users before this but were mounting a come-back. They had recently purchased Flickr. I remember Mayer being this sort of Sheryl Sandberg-type figure girl boss who went from hero to zero. (did her resignation have anything to do with the security issues Yahoo had under her watch?)

Your memory of the culture at the time matches mine; I'd love a source that suggested that the breach was a factor, but I haven't found one, and I wouldn't expect to: it is genuinely amazing how little a splash the whole thing made overall. I think Mayer went basically because she wasn't able to make the shareholders enough money.

• What nationality is Yahoo?

American, and then owned (mostly) by another technically American company. I'm happy to put that in, but I also feel like the company is multinational enough that it's not particularly in context. (Like, Sony is a Japanese Company but that's not mentioned (and I would argue, not particular relevant) in 2014_Sony_Pictures_hack (you can argue that because it used to be Columbia Pictures, it's an American Company owned by a Japanese one but we end up a long way from the actual topic.Joe (talk) 20:01, 8 May 2024 (UTC)[reply]

• I like this quote from Krebs on Security where he calls it "yet another reason I’m telling people to run away from Yahoo email." p. 1283 of that AU Law Review pdf I linked is also very quotable.

It's a great quote for an anecdote - I'm just wary about using it in an encyclopedia (and I spent a lot of time cleaning up random incorrect quotes in a previous version of this article that I am a little anti) - I don't mind much either way tho. The AU Law Review source is genuinely extremely good and I'm glad you found it. You have probably noticed I'm periodically sneaking it in to back up other things. Joe (talk) 20:01, 8 May 2024 (UTC)[reply]

• Yahoo would be more readable in running text if it did not have punctuation.

Fixed, one snuck in when I copied from a previous version.

• Probably no reason to mention the name of the credit-monitoring service Yahoo offered its users.

DOne

• Should mention Dokuchaev was maybe under arrest in Russia at the time of the indictment. "United States officials said Wednesday that they were not certain if the Dmitry Dokuchaev arrested in December was the same man as the one named in the indictment."

I'm paywalled for that one, I'm fine for you to throw it in tho...Joe (talk) 20:01, 8 May 2024 (UTC)[reply]

• In a letter to Mayer, six Democratic U.S. Senators Did she respond?

I believe not. There's a stonewalling press comment at and then a letter letter from the chairs of the relevant Senate committee complaining about lack of information (https://www.commerce.senate.gov/services/files/35ecbbeb-9fc1-4913-9448-c8d29807f93c) so I get the impression it was just stonewalling.

• Before trial could commence Before the trial?

I have gone with 'a' - 'any' might also work

• enlisted a Canadian hacker, Karim Baratov, to break into accounts Try "enlisted Canadian hacker Karim Baratov to break into accounts"

• In June 2016, it was reported that account names and passwords for about 200 million Yahoo accounts Try "In June 2016 account names and passwords for about 200 million Yahoo accounts were listed for sale" on the darknet market site TheRealDeal." No comma before TheRealDeal. The source says "supposed credentials". Did further investigation substantiate whether this was real? Was "Peace"'s identity ever tied to an individual (or is alleged to be an individual) named in the FBI's indictment or in other inquiries? See p. 1271 in that pdf. Here Peace seems to claim he's just a data broker and is unsure of the providence of the material, saying it may have been from 2012. It's unclear if this alleged breach is one of the two this article deals with or a third breach.

Fixed the comma :)

the AU article is the strongest source we have, but it's all still alleged and vague and rests on the word of an anonymous criminal. It's relevant to the article in that it's (allegedly) what prompted Yahoo to take a look at their severs, but the FBI indictment that went out (which I feel is our strongest source) doesn't reference it (I think, I should double check that)Joe (talk) 20:01, 8 May 2024 (UTC)[reply]

• wl/define the type of attacks used in this breach. Was Cookie poisoning used? I believe I've also seen the term "spear phishing" used to describe what Baratov did. Is there a glossary or wiktionary entry to link to?

Baratov's book is annoyingly vague and slightly hard to believe on the topic of his methods. I would have bet that it boiled down to 'just spear phishing all day' but his memoir has a lot of things in it that are incompatible with that (breaking into accounts with lost passwords for example). In general Yahoo claim there was some evidence of Cookie Forging - but the FBI indictment covers a wide spread of different techniques all of which are things done _after_ access was gained. I'd bet it was originally speak phishing (because these things always turn out to be) but I don't have a clear unequivocal source.

• Relevant. [1] "Mr. Bennett said the F.B.I. was still investigating a separate, larger breach of one billion Yahoo accounts that occurred in 2013 but was disclosed by the company only three months ago. Yahoo has said it has not been able to glean much information about that attack, which was uncovered by InfoArmor, an Arizona security firm." The indictment was filed in February 2017 and unsealed in March: "The Justice Department’s 47-count indictment, which was filed under seal in Federal District Court in San Francisco on Feb. 28, immediately threatened to escalate diplomatic tensions over Russia’s meddling in the November election." Is this true?: "The Russian government used the information obtained by the intelligence officers and two other men to spy on a range of targets, from White House and military officials to executives at banks, two American cloud computing companies, an airline and even a gambling regulator in Nevada, according to an indictment.

So, there's some other sources about Infoarmour - they (along with a bunch of other security firms who I feel were looking for publicity) broadly looked at the some forums to see if anyone was selling a billion records and didn't find anything conclusive. I'd assume that NYT is a reliable source, but this quote looks like an error given that it doesn't match up with any statements by Yahoo or law enforcement.

For the diplomatic tensions bit - I imagine it did threaten to, but it's like two months before this sort of thing https://web.archive.org/web/20170515224247/https://www.nytimes.com/2017/05/15/us/politics/trump-russia-classified-information-isis.html so I don't think it was really a blip in the wild ride that is US-Russia relations.

The quote about the targets is I think almost verbatim from the inditement. I haven't got a reason to doubt it but on the other hand I'm trying to presume innocence...Joe (talk) 06:05, 25 May 2024 (UTC)[reply]

Baratov, the only man arrested, was extradited to the United States when?

Fixed

• In late November, Ireland's Data Protection Commissioner (DPC) This sentence could be split up. Yahoo was not investigating the breach but just examining it What's a better way of saying this? That the DPC was unsatisfied with the thoroughness of Yahoo's investigation? awaiting information from Yahoo on allegations that it helped the U.S. government scan users' emails, a whopper of an accusation (also echoed by Sputnik). Was this allegation connected with either of the two breaches that this article talks about? If so, say so.

That sentance was a mess and I've redone it.

• Worth mentioning? The New York Times reported Wednesday that Yahoo Chief Executive Marissa Mayer “had rejected the most basic security measure of all: an automatic reset of all user passwords, a step security experts consider standard after a breach."

Instead, Yahoo last week posted an alert on its website asking users who were potentially affected by the breach to “promptly change their passwords,” as well as any security questions and answers used to access their accounts. [2] I'll send a screenshot if you need.

I'm 50-50. There's a lot of different quotes from fairly good sources we can use to take a swing at Mayer (who was clearly in charge and who clearly wasn't prioritising security), but I'm worried about a) UNDUE WEIGHT and b) overcompensating for the lack of technical details about the breach my making the article a hit-piece. Joe (talk)

• Avoid language that is likely to become outdated. (e.g. including two that work for Russia's Federal Security Service (FSB)).

Fixed

• Marissa Mayer had reportedly denied Stamos and his security team sufficient funds to implement recommended stronger security measures, recommended by who?

Reworded

• Single quotes should only be used in news headlines and quotes within quotes.

Fixed in a couple of places.

• CEO Lowell McAdam said he wasn't shocked by the hack CEO of what company? Did Verizon renogotiate the deal as a result of the disclosure, as suggested here?

I've reworded so it's clear he's CEO of Verizon. It's certainly suggested by a bunch of outlets that there was a big negociation, and their probably was, but we have no sources in the room where it happened.

• Mayer's equity compensation bonus for 2016 and 2017 was pulled. totaling $14 million. (p. 1279) Lots of good info here.

Added.

• Democratic is capitalized in one instance but not the other.

Fixed

• Yahoo eventually agreed to settle strike unnecessary word "eventually". the FBI officially charged four men strike word "officially".

Fixed

• Yahoo's previous SEC filing on September 9, prior to the breach announcement The first SEC filing was filed to fulfill a regulatory requirement for the Verizon sale? Should say so.

Not entirely sure I follow this? Joe (talk) 06:05, 25 May 2024 (UTC)[reply]

• Verizon only become aware of the 2014 breach just two days prior to the Yahoo's It should be noted that Yahoo disclosed this to Verizon. (p. 1271, AU Law Review)

Fixed

• Identify nationality of Alexey Belan in body at first mention.

Done

• After Yahoo was identified by Edward Snowden as a frequent target for state-sponsored hackers, it took the company a full year before hiring a dedicated chief information security officer, Alex Stamos implies that Stamos was hired to shore up security as a result of the Snowden leak, which highlighted security weaknesses at Yahoo. Was that so? Also the way this was written implies that Yahoo was slow to act on the revelations and that his hiring was overdue? True?

That's certainly what a selection of sources say. I don't particularly like the inference but I think it was added in as a response to some of your earlier comments?

• That's all the comments I have for now. If you answer these you'll be about 90 percent of the way through this review. I look forward to your edits. Schierbecker (talk) 19:34, 1 May 2024 (UTC)[reply]

  This looks great. I’m going to take a few days away from the internet for mental health reasons (happily unrelated to Wikipedia, obviously)but will be right on it when back. Joe (talk) 17:50, 2 May 2024 (UTC)[reply]

• Take all the time you need. Schierbecker (talk) 18:44, 2 May 2024 (UTC)[reply]

Lede

• Neither breach was revealed publicly until September 2016. Try "Although Yahoo was aware" and use active voice. Maybe a good place to highlight the compartmentalization at Yahoo. Also somewhere in the body of the article.

Hmmm... I don't know how much I buy that compartmentalization was any more or less than at equivilent companies... it feels like a leap when we don't even have technical details for the breaches?

• One MOS:$ in the lede.

My reading of MOS:$ was that the first usage should be "US$"?

• I know Yahoo operates around the globe, but it would be appropriate to mention that it is an American company to explain jurisdiction and why the FBI was involved.

I'm game, but it was also investigated by other countries? I think this has come up before and we don't have a clear steer from MOS...

• Spell out and wl SEC. wl, U.S. Congress.

Done.

• significant implications for Verizon Communication's acquisition of Yahoo. Should mention that the acquisition was happening contemporaneously.

I've popped the year in.

August 2013

breach

• No information has been released about the method used. Use ((as of|YEAR)) for statements likely to become dated.

Done, good tip!

Early 2014

security culture at Yahoo

• Need nationality of Edward Snowden and claim to fame.

Done (finding a short word for Snowdon took a while!)

• it took the company a full year a bit arguementative. Be a little more objective. Marissa Mayer had reportedly denied Stamos If I recall from the source correctly, this allegation should be attributed to Stamos, right? he departed the company by 2015. does the source say why?

Rewored - I don't think the quotes I've found are attributed (I do think they come from him, but...)

Late 2014

breach

• Give nationality and main claim to fame of Alexey Belan at first mention.

Done.

• User Account Database should probably be uncapitalized

Hmmm, I'm vaguely sure it's capitalised in the indictment. Also it's a proper noun right? Because it's the core example. Like: there are many caves that have bats that would be batcaves, but Batcave is capitalised? Joe (talk) 06:30, 25 May 2024 (UTC)[reply]

• "Journal of comparative international management" proper noun?

Ha! Fixed.

• Belan and at least two hackers connected to him accessed user account information "Belan and allegedly two..." since these individuals haven't been prosecuted.

I've reworded the start of the section to make it clear that it's not set.

July 2016 to October 2017

public disclosures

• The Federal Bureau of Investigation (FBI) confirmed when?

Within 24 hours (on the basis it's in the the articles that are from the 23rd) but I don't have a particular source.

• In a regulatory filing in 2017, SEC? Mention the agency.

Done

• all three billion user accounts try "all three billion Yahoo accounts".

Done

Prosecution

• The four men accused include Alexsey Belan, a hacker on the FBI Ten Most Wanted Fugitives list, presumably you mean that Belan was on the FBI most-wanted list, not that there was another individual that was also on the most-wanted list.

Reworded.

• wl FSB in the image caption and also mention nationality.

Done

• The FBI claimed that Karim Baratov was paid by Dokuchaev and Sushchin to use data obtained by the Yahoo breaches to breach Is there another way to say this without repeating the word "breach". Use active voice (i.e. "D. and S. paid").

rewritten

Class action lawsuits

• uncapitalize "Judge"

Done

• number of respondents in the class did you mean to write "in the class action lawsuit"? Or is this the appropriate way to write this?

Reworded to be much more correct.

International

• On October 28, 2016 probably don't need the exact date.

Done

• at the request of U.S. intelligence services in a letter refs should go after punctuation.

Done

• They asked Yahoo to communicate all aspects of the data breach to the EU authorities, spell out EU.

Done

• Yahoo was not investigating the breach but just examining it still needs work. See earlier suggestion. Schierbecker (talk) 16:22, 22 May 2024 (UTC)[reply]

  Okay, thank you for being patient - I think I've covered everything outstanding? What do you think? Joe (talk) 13:24, 25 May 2024 (UTC)[reply]

Dealt with earlier.

Nearly there.

lede

• These incidents not only editorializing a bit. Try "These incidents led to the indictment of four individuals linked to the latter breach, including the Canadian hacker Karim Baratov who received a five-year prison sentence and also prompted widespread criticism of Yahoo for their delayed response.

Done

• Maybe note that this was allegedly state-sponsored.

Done

• "Implications" is too weak of a word. Maybe "complications".

Done

August 2013

• There's a stray period in the first sentence

Done

• As of 2024, no information has been released about the method used. WP:FAILEDVERIFICATION. Try "As of 2017 Yahoo had been unable to determine the cause of the 2013 breach."

Done

• Former CEO of Yahoo Marissa Mayer, who was CEO repetitive. Try "Marissa Mayer, who was CEO of Yahoo at the time of the breach."

Done

Early 2014

• Overlinking Mayer.

Done

Late 2014

believed to by the US Justice Department extraneous word

Done

• Link Surviving Data Breaches

Done

July 2016

• "$12million" should be 12 million

Done

July 2016 to October 2017

• Mention that Yahoo thought the hack was state sponsored.

Done

Prosecution

Class action lawsuits

• One uncited statement

Done

• the plaintiffs contend use past tense

Done

International

• Would like to know the outcome of Ireland's Data Protection Commissioner investigation if known.

Done

General commenets/questions

• "US" or "U.S.", pick one.

Done - I picked "U.S."

• U.S. Securities and Exchange Commission is not wikilinked at first mention, but further down. Spell out at first mention.

Done

• I would definitely mention that Yahoo is headquartered in the U.S. What's the first question that emergency services asks you when you call for help? It's where are you? It is important for establishing the jurisdiction. Imagine that you are an alien or Zoomer who doesn't know about Yahoo. Never is it mentioned that the servers are located on U.S. soil, so it may be disorienting to you as a reader to read that the FBI is extraditing people from Canada. Also one line reads, "Foreign governments have also shown concerns on the several data breaches." Foreign to where?

Done

• Did Yahoo apologize to users for the breach?

Mayer certainly did at congress https://www.reuters.com/article/idUSKBN1D825V - (there's a cute fact about the volentary testimony at the bottom) but Yahoo certainly didn't at the initial disclosure. It's an odd PR 'thing'. I can definately put Mayer's bit in somewhere?

• Re:compartmentalization: I would at least mention that Mayer said she was unaware of the breach.

I think I might have missed that in the sources? Can you point me in the right direction.

• I would incorporate some of the information alleged by Infoarmor, highlighting where it's analysis differed from the FBI and Yahoo. (WSJ). At minimum I would add:
  • That Infoarmor believed the hacking group was Eastern European.
  • That the group sold the bulk Yahoo data three times, but switched to an à la carte model in 2015.
  • That contrary to Yahoo's claim, it believed the hacking group was profit-motivated, not state-sponsored, but that some of their clients were state sponsored.

Added with a certain amount of discretion.

• WSJ claims that Yahoo contacted the FBI within weeks of the 2014 breach. It's important to tread carefully here as the WSJ wasn't able to fully connect this event to the event described by this article.

That's a different event - it's included in a few other sources.

• A very useful source: ArsTechnica.

With my computer-person hat on - it's nice that the FBI said this but it's entirely within what one would privately expect: the vast marjority of large scale breaches are spear-phishing and the only thing suprising here is that Yahoo's logging was bad enough that they don't know who got phished, or, it appears, much else about the whole affair.

• Let me know if you would like access to any of the paywalled sources in this article. Schierbecker (talk) 17:00, 25 May 2024 (UTC)[reply]

This batch has been processed! Thank you so much for all your work on it :) Joe (talk) 06:39, 27 May 2024 (UTC)[reply]

✓ Pass Congratulations! Schierbecker (talk) 15:21, 29 May 2024 (UTC)[reply]