Financial burden affected decision-making inside Yahoo.
By the time Yahoo decided in 2013 to abandon MD5, its outdated encryption technology, it was too late: hackers had already siphoned off the data of over a million users, says a Reuters report.
The report says that Yahoo Inc launched a project in the summer of 2013 to take its security to the next level by securing its customers' passwords and abandoning MD5, which by then had become obsolete.
Unfortunately for Yahoo, the report says, the hackers had already accessed the database of over 1 billion Yahoo account holders without alerting the IT giant. It was only last week, after three years of denial, that Yahoo admitted to such a large-scale data theft, which is now considered the biggest ever in the history of information technology.
The report says Yahoo made the right decision in moving away from MD5, but the timing was wrong: the company was too late to foresee the perils of the outdated security platform despite being warned for over a decade.
In August 2013, hackers stole vital data from Yahoo, including poorly encrypted passwords and other information, a theft that Yahoo uncovered last week.
According to the report, the hackers got access to the database because MD5 was easier to crack than other hashing algorithms, which use better encryption technology to convert data through mathematical functions into unrelated random characters.
According to the analytics wing of Reuters, security professionals were put on red alert as early as 2008 by Carnegie Mellon University’s Software Engineering Institute, which found the vulnerability in MD5.
It had found that MD5 “should be considered cryptographically broken and unsuitable for further use.”
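What moving stored passwords off MD5 can look like in practice, as an added example that is not from the Reuters report or from Yahoo: legacy records are wrapped in a salted, slow hash straight away, then fully re-hashed at the next successful login. The record layout, function names, the unsalted-MD5 legacy format and the choice of PBKDF2 with this iteration count are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune for your hardware

def md5_hex(password: str) -> str:
    # Assumed legacy format: unsalted MD5, hex-encoded
    return hashlib.md5(password.encode()).hexdigest()

def stretch(secret: str, salt: bytes, iterations: int) -> str:
    # Salted, deliberately slow derivation (PBKDF2-HMAC-SHA256)
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations).hex()

def new_record(secret: str, scheme: str = "pbkdf2") -> dict:
    salt = os.urandom(16)  # per-user random salt
    return {"scheme": scheme, "salt": salt.hex(), "iterations": ITERATIONS,
            "hash": stretch(secret, salt, ITERATIONS)}

def wrap_legacy(record: dict) -> dict:
    # Offline step: protect dormant accounts now, without knowing the
    # password, by stretching the stored MD5 hex digest itself.
    return new_record(record["hash"], scheme="pbkdf2-over-md5")

def verify_and_upgrade(record: dict, password: str):
    """Return (ok, record); a successful login on an old scheme is re-hashed."""
    scheme = record["scheme"]
    if scheme == "md5":
        ok = hmac.compare_digest(record["hash"], md5_hex(password))
    elif scheme in ("pbkdf2", "pbkdf2-over-md5"):
        secret = md5_hex(password) if scheme == "pbkdf2-over-md5" else password
        salt = bytes.fromhex(record["salt"])
        ok = hmac.compare_digest(record["hash"],
                                 stretch(secret, salt, record["iterations"]))
    else:
        return False, record  # unknown scheme: fail closed
    if ok and scheme != "pbkdf2":
        record = new_record(password)  # drop every trace of MD5 for this user
    return ok, record

if __name__ == "__main__":
    # Constructed sample records: two users who chose the same password
    alice = {"scheme": "md5", "hash": md5_hex("correct horse")}
    bob = {"scheme": "md5", "hash": md5_hex("correct horse")}
    print("unsalted MD5 records identical:", alice["hash"] == bob["hash"])
    ok, upgraded = verify_and_upgrade(wrap_legacy(alice), "correct horse")
    print("login ok:", ok, "| stored scheme is now:", upgraded["scheme"])
```

Wrapping matters because re-hashing at login alone leaves accounts that never sign in again stored as plain MD5.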
Yahoo's critical decision to shift its security encryption was badly delayed by the business challenges the company faced, says Reuters, quoting five former Yahoo employees and some outside security experts.
Yahoo's stake in the consumer internet business began to decline in 2008, after Google and Facebook became hard for the early search engine tycoon to compete with. This resulted in revenue loss, forcing it to change priorities. Amid this turmoil, strengthening the encryption technology became a lower priority: the security wing had urged executives to put money into it, but they had other priorities.
They expressed their strong feeling that such a large-scale data breach could have been stopped if Yahoo had moved to a better, stronger hashing technology that would have made its servers more protected and less vulnerable to hacks.
“Over the course of our more than 20-year history, Yahoo has focused on and invested in security programs and talent to protect our users,” Yahoo said in a statement to Reuters. “We have invested more than $250 million in security initiatives across the company since 2012.”