Yahoo Secretly Monitored Email Users for U.S. Govt., Report Says

yahoo-data-breach

At the demand of the United States Government, Yahoo secretly built a custom software program designed to search all of its users’ incoming emails for specific information provided by U.S. Intelligence officials. according to a report.

Reuters first reported the news last night, citing three former Yahoo employees and another person knowledgeable about the events as anonymous sources.

According to Reuters, Yahoo cooperated with a “classified edict” sent to the company’s legal team by scanning hundreds of millions of Yahoo Mail accounts for the NSA or FBI, according to Reuters’ sources.

While Yahoo’s alleged surveillance program is legal under the Foreign Intelligence Surveillance Act (FISA), this kind of spying would be the first of its kind—or at least the first of its kind made public.

In the past, technology companies have handed over bulk customer data to intelligence agencies on a case-by-case basis. In this case, Yahoo went above and beyond that precedent with its real-time mass surveillance of users’ email accounts.

We don’t know what exactly U.S intelligence officials were looking for, only that asked Yahoo to search for a specific set of characters, which could mean they were looking for anything from a specific phrase to an email attachment.

We also don’t know what information Yahoo may (or may not have) handed over, only that they performed the search as requested.

While Yahoo could have fought the government’s request, as they’ve done before, Yahoo Chief Executive Marissa Mayer decided to comply with the directive last year, according to Reuters’ anonymous sources. That decision may have lead to the departure of former Yahoo CISO Alex Stamos, who now works as CISO of Facebook.

In a brief initial response to Reuters’ inquiries, Yahoo wrote that it is “a law-abiding company, and complies with the laws of the United States.”

Yahoo has since issued a  longer, more carefully worded statement calling the article “misleading” but stopping short of a flat out denial of the scanning program.


And watch this for the 10 Best Resources for Evaluating IAM solutions:

Follow Jeff

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff