German cyber agency
chides Yahoo for not helping hacking probe
Send a link to a friend
[May 11, 2017]
By Andrea Shalal
(Reuters) - Germany's federal cyber agency said on Thursday that Yahoo
Inc had not cooperated with its investigation into a series of hacks
that compromised more than one billion of the U.S. company's email users
between 2013 and 2016.
Yahoo's Dublin-based Europe, Middle East and Africa unit "refused to
give the BSI any information and referred all questions to the Irish
Data Protection Commission, without, however, giving it the authority to
provide information to the BSI," Germany's BSI computer security agency
A BSI spokesman said it decided to go public after Yahoo repeatedly
failed to respond to efforts to look into the data breaches and garner
lessons to prevent similar lapses. BSI also urged internationally active
Internet service providers to work more closely with it when German
customers were affected by cyber attacks and other computer security
Yahoo did not respond to requests for comment, while Ireland's data
protection agency was not immediately available.
The BSI's statement comes at a time of heightened German government
concerns about Russian meddling in national elections in September,
after cyber attacks on the French and U.S. presidential elections which
have been linked to Russia.
The U.S. Justice Department in March charged two Russian intelligence
agents and two hackers with masterminding the 2014 theft of 500 million
Yahoo accounts, marking the first time the U.S. government had
criminally charged Russian spies for cyber offences., while U.S.
officials have charged Russian intelligence agents with involvement in
at least one of the hacks that affected Yahoo.
Moscow has denied any involvement in hacking.
The BSI said it did not yet have any concrete information about the data
breaches because of Yahoo's lack of cooperation.
[to top of second column]
A photo illustration shows a Yahoo logo on a smartphone in front of
a displayed cyber code and keyboard on December 15, 2016.
"Users should therefore be very careful about which services they want
to use in the future and to whom they entrust their data," BSI President
Arne Schoenbohm said in a statement.
The BSI chief reiterated his recommendation that German consumers
consider switching to other email service providers, adding that
certifications such as those offered with C5-class cloud service
security were valuable for customers.
C5 is a German government scheme to encourage cloud-based internet
service providers to attest they use various safeguards against cyber
Late last year Yahoo, which has agreed to be acquired by U.S. telecoms
giant Verizon <VZ.N> and is set to be merged with AOL to form a new
business known as Oath, revealed a data breach dating back to 2013 of
one billion user accounts.
The various disclosures led Verizon to cut the amount it was willing to
pay for Yahoo by $350 million on its previously agreed $4.83 billion
deal. Yahoo has said it expects the merger into Verizon to close in
BSI said an additional 32 million Yahoo users were affected by cyber
breaches in 2015 and 2016. A spokesman for the agency said he was
unaware of any additional breaches in 2017.
(Additional reporting by Eric Auchard in Frankfurt; editing by Alexander
[© 2017 Thomson Reuters. All rights
Copyright 2017 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.