nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Yahoo! must! face! the! music! over! data! breaches! judge! rules!

Coat

There once was an almighty stink,

At a Palace that's Purple, (not pink).

She lost all our data,

Oh! How we do hate her,

But now Marissa is off to the clink!

12
0
Gold badge

You wish, but your limerick still made a nice start to the week, thanks :)

3
0
Silver badge

Now for the Vultures

Time to pick the bones clean... I hope Verizon put some cash aside in a high yield account when they bought! Yahoo! This won't be pretty, grabbing lots of popcorn...

6
0
Silver badge
WTF?

Re: Now for the Vultures

If there's a high yield account out there, I want to know so I can possibly get in on the action myself. Not likely to be let in though. Not enough millions lying around.

0
0
Bronze badge

Re: Now for the Vultures

"Time to pick the bones clean... I hope Verizon put some cash aside in a high yield account "

Verizon is probably not be liable for any damages awarded - they weren't the owner of Yahoo! when the breach happened and I suspect any damages would lie with the original Yahoo! legal entity.

This may, of course, not have much in the way of assets anymore, so the plaintiffs may well end up with nothing.

0
0
Silver badge

Ya! Who?

7
0
Silver badge

"Yahoo! had also tried to contend that the defendants couldn't prove that misuse of their credit cards (for example) was directly tied to the breach, because other breaches take place; the judge wasn't impressed."

They cant prove it but you Yahoo can't disprove it either. Unless there is a card only used in one place but seriously how many people do that.

"Judge Koh also noted that if Yahoo! had owned up to the breaches promptly, people would have been able to defend themselves by changing their passwords."

When the true scope was known they should have put their hands up and stepped into the spotlight.

5
0
Silver badge

They cant prove it but you Yahoo can't disprove it either. Unless there is a card only used in one place but seriously how many people do that.

At least one here. I have a card that is only used for my storage bill. Two reasons: it's the one bill that goes through no matter what until I'm dead; should it leak somehow, I know whose gonads to crush.

1
0
Silver badge

Re: single retailer CC.

My mum is a good example of exactly this. She has CC's for Amazon (where the only place she uses it is to pay for her Amazon orders), Target, Walmart, a local fabric store, & various other retailers. If the details linked to any of those cards, each card having slightly different identifiers to make its source apparent, ever gets leaked then she knows *exactly* who leaked it.

The company can't claim the data came from any other source because it doesn't exist in any other location; the only place that exact data got used was for that specific retailer.

She does this for tax reasons (it's easier to say which charges are tied to which CC, & each CC is for a different tax purpose) so she knows without having to sift through CC statements which charges apply to which tax catagory. Everything on CC-X is in $Catagory1, on CC-Y is $Catagory2, on CC-Z is $Catagory3, etc. That way she can hand the entire CC statement over as the receipts to prove charges on that catagory.

The upshot of this is that she can prove that a breach of any one source HAD to come from that source since the details used to use the CC tied to that account were only used for that single source.

Had Yahoo tried to use this "you can't prove the leak came from us" bullshite, mum could have countered "Wanna bet?" & slapped them with the proof that they were utterly wrong.

This single retailer single CC tactic isn't an uncommon one. Mum is just one of many in her network of sewing/craft circle that does this for tax reasons. If they run a business that does crafts, they put all the craft charges on a specific CC so they can then use that CC as "a corporate card" tied to that business. Everything charged to that card is now a business expense, written off on their taxes. If the details for that card get leaked, and they only ever use that card at a specific retailer, then that retailer is up shite creek without so much as a life preserver when it comes to the customer proving the retailer as the source/responsible party.

It's a tactic only made all the easier by every retailer & their dog trying to get a customer to sign up for a branded CC with that retailer. Go ahead & sign up! Use data specific to that retailer, used nowhere else but THAT retailer, & make sure you use it to pay for ONLY things from that retailer. The retailer can then data mine your purchase history all they like, the only data they get is stuff for their own store/products. Since you never use that CC anywhere else they can't cross link it to your buying habits at anywhere else nor anything else. If the data you used with that card ever leaks, you know EXACTLY where that data leaked from & whose nipples to nail to the wall.

1
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing