In the year of 1994, Stanford University graduates, Jerry Yang and David Filo dabbled in a hobby of their own by compiling a directory of about 2,000 websites. This hobby soon turned into a full-time project as their guide to the World Wide Web garnered more than 50,000 hits a day (McCollough, 2015). What started off as “Jerry and David’s Guide to the World Wide Web”, a companion to direct new users to around the uncharted shores of the Internet, transformed into one of the most successful and groundbreaking Internet businesses of all time – a web services provider renamed as “Yahoo!” (an acronym for Yet Another Hierarchically Officious Oracle). It has since become an expansive conglomerate for technology and advertising-focused businesses.
It is a widely known fact that in the 1990s, Yahoo began to rise in fame with its web search engine which served as a starting point for even the least tech-savvy Internet users in order to be redirected to various websites. The Yahoo! Directory helped users navigate their way through the Internet with its organised tiers of subject titles (McCollough, 2015). For example, if a user wanted to look up and do research on something related to the human body, they would need to follow the path on the directory: Science → Biology → The Human Body → Organs. Before technical search engines came to be, where keywords were typed in and websites could be navigated in an instance, Yahoo! Directory was the go-to for many users despite its tedious method of manually clicking through various generic terms/headings before finding a suitable website. However, in recent years, this has proved to be one of the main causes for Yahoo! Directory’s downfall. The exponential technological advancements in the recent years have provided users with a much faster, hassle-free and accurate method of accessing information such as Google and Bing. As a result, after 20 years of service, Yahoo finally closed its directory service in 2014.
As time progressed, Yahoo launched several new services such as Yahoo! Mail, Yahoo! News, Yahoo! Answers and many more, which helped to sustain the enormous website traffic that Yahoo has amassed throughout its years of operation since 1994. Besides having its own brand of services, Yahoo also owns subsidiaries such as Tumblr and Flickr – a social media website and a photo/video-sharing application respectively (Cassell, 2015).
Introduction to Yahoo’s Hacking Crisis
Yahoo has been subjected to multiple data breaches over the years that have jeopardized the safety of their millions of users. Despite the fact that these data breaches have occurred more than once, Yahoo failed to disclose this vital piece of information with the public. The first time Yahoo disclosed a breach was in September of 2014 when almost 500 million Yahoo user accounts were hacked (‘Email hack’, 2016).
Yahoo then revealed in December of 2014 that there was another breach that had occurred earlier in 2013. This breach was of a much larger scale where one billion accounts were affected, according to Yahoo (Goel & Perlroth, 2016). The effects of the disclosure of this breach was what forced Yahoo into going through with Verizon buying over Yahoo’s core assets for $4.48 billion. This buyout offer was almost ten times lower than Microsoft’s bid to buyout Yahoo in 2008 (‘Identity crisis’, 2016) .
However, the information about the disclosure regarding the 2013 breach was found to be untrue when Verizon Communications Inc. revealed that a whopping three billion Yahoo accounts were affected by the 2013 data breach. In light of this, Yahoo suffered a loss of $350 million as compared to their original offer by Verizon (Mullen & Fiegerman, 2017).
The hack occurred with a spear-phishing email sent to a Yahoo employee. With the spear-phishing email, the Russian hackers were able to navigate their way through the company’s network and access Yahoo’s user database alongside the Account Management Tool, which is used to edit said database (Williams, 2017). This cyber attack involved information ranging from names and telephone numbers to encrypted security questions that could be used to change passwords (Goel & Perlroth, 2016).
In 2013, Yahoo launched a project that promised better security of users’ passwords and information – a security that would abandon an encryption algorithm known as MD5. The MD5 is a hashing function that helps to store passwords and checks whether the password is correct without storing it in the network. As such, the hash of the password that you use must be the same as the one that matches the hash in the network.
However, despite its advantages, MD5 has been known to be easily decrypted by security experts. Five years before Yahoo launched its security project, a warning was made public to security experts about how MD5 is unsuitable and even discouraged from being used as a security measure to protect databases. Although Yahoo has announced that no passwords have been leaked out, Stockley (2016) explained that a hacker could obtain its database of password hashes and easily decrypt with a program that guesses what the passwords contain until it correctly matches with what has been stored in the former.
This brings about the concept of requisite variety whereby organisations are faced with the challenge of being able to adapt to the environment that they are placed in (Miller, 2012). The organisation would have to recognise, understand and apply relevant solutions to the problems that they face or else they would be deemed unfit to survive in the face of conflict.
In the circumstances of Yahoo’s data theft, whether it be unfortunate timing or lacklustre decisions being made, the company’s failure to adopt a better security measure than MD5 has costed them their users’ trust in their capabilities. If Yahoo were able to adopt requisite variety by employing stronger hashing technology or security designs, it would have been more difficult for their databases to be hacked which would in turn, minimise the impact of the attack (Villas-Boas, 2017).
Despite Yahoo’s groundbreaking beginnings, the company has grown to be notorious because of its hacking breaches in the past few years. As such, the team would be analysing Yahoo’s organisational crisis by applying communication concepts to understand the entirety of the problem.
PART II: Analysis of the Problem
Introduction to Analysis of the Problem
This section explores the three communication concepts on the Yahoo hacking crisis which consists of the ineffective withhold and uphold strategy, management involved in groupthink and the adoption of Theory X management style.
Parties Involved In The Hacking Crisis
Yahoo’s massive data breach crisis is no doubt one of the biggest data breaches in history with over half a billion Yahoo users affected. The crisis evolved around the several Yahoo hacking incidents that threatened the cyber security of three billion Yahoo users in 2013 and 500 million victims in 2014 as mentioned in the above section. The stolen information consisted of the usernames, passwords, phone numbers, answers to security questions, birthdates and backup email addresses (Robertson, 2016). While Yahoo has reassured its users that most of the stolen passwords were difficult to decrypt, the cyber safety of the victims has been compromised as their stolen email addresses could potentially be targeted with spam attacks and other methods could be used to manipulate them into revealing more personal information (Kan, 2016). The victims of the severe attack not only include regular users but the US government and military employees whose data has been comprom
ised. Robertson and Jordan (2016) highlighted that the hackers have access to the government employees’ personal and official government accounts and foreign spies could easily get ahold of the accounts to target which threatens national security.
After the investigation of Yahoo’s data breaches, in March 2017, the FBI revealed that they have charged four people including two Russian Intelligence Agents, Dmitry Dokuchaev and Igor Sushchin for their involvement in the massive Yahoo hack (Williams, 2017). After confirming the 2014 data hack, Yahoo blamed the attack on a state sponsored group based on evidence that the company was under target for a while. According to Williams (2017), the group that planned the attack was the Russian Federal Security Service (FSB) where the two Russian agents paid two other criminal hackers to break into Yahoo’s system and targeted the Yahoo accounts of the Russian and US government officials. The FSB’s main motive was to steal information that had intelligence value while the criminal hackers attacked regular users’ accounts to steal data for their own financial profits. The FBI explained that the hackers managed to get access to Yahoo’s user database and the Account Management Tool which allowed them to determine their targets.
Yahoo’s second disclosure caused its market value to plunge by six percent and affected the sale of Yahoo to Verizon Sale. Based on the severity of the situation, Verizon demanded for a $925 million discount from its agreed upon purchase price. It was only after negotiation that Verizon agreed to only a $350 million discount, still a huge drop in worth for Yahoo (Owusu, 2017). Following the several hacking attacks, Yahoo and its executives had to bear with the hefty financial burden and the crisis’ consequences. Yahoo disclosed that they had spent $16 million towards their cyber incidents, of which $5 million related to forensic investigation and remediation activities, and $11 million went towards legal costs.
In addition, Yahoo faces investigations from five state and federal agencies, including the SEC, FTC, US Attorney’s Office for the Southern District of New York, and two State Attorneys General on top of the class action lawsuits previously mentioned (Coleman, 2017). In light of Yahoo’s executives accepting the consequences, Yahoo’s former chief executive, Marissa Mayer, gave up her 2016 cash bonus following the incident and the company’s top lawyer, Ronald Bell, resigned in the wake of the hack and the other breaches. Some 43 consumer class-action lawsuits have been filed against the company, Yahoo said in a May filing with the Securities and Exchange Commission (Rushe, 2017). This could result in a huge setback for Yahoo as their lack of cyber security is a huge threat to brand reputation and trust with its customers that were established over the years will be damaged.
Three Communication Concepts
A review of various sources has led to three main ideas that contributed to Yahoo’s data breach crisis. The first key idea is Yahoo’s management practiced the ineffective strategy of withhold and uphold of information from their stakeholders. The secondary main idea is that Yahoo’s management and employees were involved in groupthink on how to deal with the crisis that took place. The concern for group conformity and harmony resulted in the poor decision making of not revealing the data breaches until much later. Lastly, the third key aspect is that Yahoo’s management practiced Theory X management style where higher management were more involved in the hacking crisis while the lower level employees were not as involved.
Withhold and Uphold Strategy
The first main idea points to the management strategy that Yahoo’s management had adopted to communicate with their stakeholders consisting of their customers, Verizon and the legal committee. According to Miller (2015), Clampitt, Dekoch and Cashman organized seven managerial strategies for communicating about change (Organizational Strategies, p. 181). After reviewing Yahoo’s use of managerial strategies during the crisis and post-crisis, it was concluded that the company implemented the withhold and uphold method which was determined as the least effective strategy (Miller, 2015). The description of the withhold and uphold strategy is that the top management concealed information from their employees and maintains the party line even when their employees challenge them with questions. In this light, Yahoo’s management withheld the information about their multiple data breaches from their stakeholders and employees during the crisis stages.
Yahoo was not transparent about the series of hacking events that occurred throughout the past few years not only to the public, but to many of their own employees within the company as well. In September 2016, Yahoo disclosed the hacking incident that took place in 2014 which affected more than 500 million Yahoo users as their personal account information were stolen during the breach (Kerner, 2017). Their disclosure of the major online hack took about two years which came as a surprise to many that they did not investigate this breach earlier. According to Ponemon Institute, an institute that tracks data breaches, highlighted that the average duration an organisation takes to detect an attack is around six months and the estimated time to control the breach is around two months after discovery (Information Management Journal, 2017).
Upon finding out about the data breach in 2014, an independent committee was set up to launch an official investigation into this issue (Kuchler, 2016). Apart from the management and the employees within the independent committee, other employees of the company were not aware of the data breach and network intrusion in 2014 (Hackett, 2016). This shows that the management had the intent to cover up from its employees, which also explains how such a massive data breach could be kept under wraps from the public for more than two years. This shows that Yahoo had adopted the withhold and uphold strategy and withheld the data breach information from their stakeholders for two years since the attack.
While Yahoo has officially confirmed and admitted to their several data breach incidents, they continue to contain other important information from their stakeholders even after the disclosure. Curran (2017) highlighted that during a September 2016 Senator committee briefing conference, Yahoo’s representatives did not attempt to provide any information beyond what is publicly disclosed on the nature of the breaches and the measures they have implemented to mitigate the effects despite committing to do so. As the Senate Republican leaders had concerns that Yahoo was not completely truthful when briefing them on the hacks, they had written a letter to Yahoo’s then Chief Executive Officer Marissa Mayer in request for a response to their concerns regarding the two big data breaches. It was then reported that in December 2016, Yahoo had pledged to inform the committee but unexpectedly annulled the conference just days before it was arranged to take place on January 31 (Curran, 2017). In addition to Yahoo repeatedly withholding information from the Congress, their sudden decision to cancel the January 31 briefing raised doubts about the company’s willingness to be honest and transparent when working with the committee. Hence, Yahoo’s several attempts to avoid sharing additional information of the attacks and their future plans with the Senators committee supports the idea that they mainly use the withhold and uphold strategy.
...(download the rest of the essay above)
About this essay:
This essay was submitted to us by a student in order to help you with your studies.
If you use part of this page in your own work, you need to provide a citation, as follows:
Essay Sauce, Yahoo: Identifying the Organization and Crisis. Available from:<https://www.essaysauce.com/business-essays/yahoo-identifying-the-organization-and-crisis/> [Accessed 23-09-19].
Review this essay:
Please note that the above text is only a preview of this essay.