Talk:Yahoo! data breaches/GA2

From Wikipedia, the free encyclopedia

GA Review

Nominator: Joereddington 06:34, 2 April 2024 (UTC)

Reviewer: Schierbecker 18:17, 22 April 2024 (UTC)


This article appears to still be a little ways off from GA.

  • The lede name-drops Karim Baratov in the lede, but doesn't identify his profession or nationality.
    • Fixed. :)
  • When did Yahoo contact law enforcement?
  • How did Yahoo come to learn about the breaches?
    • Per the above, there's a suggestion that they were informed by law enforcement, there's a suggestion that they found out about it from press asking about account data being available on the dark web, and there's a suggestion in a press release that they were doing their own investigation. I've not been able to find reliable sources that cover it. Their filing at https://web.archive.org/web/20170110014942/https://investor.yahoo.net/secfiling.cfm?filingID=1193125-16-764376&CIK=1011006 says "In late July 2016, a hacker claimed to have obtained certain Yahoo user data. After investigating this claim with the assistance of an outside forensic expert, the Company could not substantiate the hacker’s claim. Following this investigation, the Company intensified an ongoing broader review of the Company’s network and data security, including a review of prior access to the Company’s network by a state-sponsored actor that the Company had identified in late 2014. Based on further investigation with an outside forensic expert, the Company disclosed the Security Incident on September 22, 2016, and began notifying potentially affected users, regulators, and other stakeholders."


  • What effects did the 2013 breach have on users/Yahoo? When was this discovered? This breach affected six times as many accounts but there is hardly any information about it. Was it less sensitive in nature?
    • You are right. It's massive and it was broadly ignored (I mean, there was a congressional hearing but it found nothing of substance). I was extremely pleased I was able to find a source positively saying the negative: i.e. that Yahoo had released no information.
  • at least two others accessed user account information connected to Belan?
    • Fixed.
  • "Yahoo also claimed that there was no evidence that the attackers were still in the system" Was this proven? Article suggests otherwise.
  • "From October 2014 to at least November 2016, Belan and at least two others accessed user account information" Using the fruits of the 2014 breach?
    • Yes, that is the understanding. I can make this a bit more obvious in the text if you like?
  • "The filing noted that the company believed the data breach had been conducted through a cookie-based attack" The September filing or the November filing?
    • Fixed (The November filing of finances covering the period up to the 30th September) I've also clarified some of the nearby language.
  • "it was reported that account names and passwords for about 200 million Yahoo accounts were presented for sale on the darknet market site." Which darknet site? Was this related to the 2014 breach? Do we know if anyone purchased them?
    • I'm a little confused by the first bit of the question - the darknet site is 'The Real Deal' but that's already in the text so I might need some clarity. Regarding the other questions: Yahoo hasn't released any information about which breach it might have been related to (or even if it's real), and I don't believe I have any sources covering if it was purchased.
  • Did Russia cooperate with the investigation? Was the FSB organization implicated as a whole or was this the work of agents doing unsanctioned work for the FSB on their own initiative (or even moonlighting off the clock for their own personal gain)? Which accounts did the FSB agents target? (edit: Dmitry Dokuchaev was one of those charged. He has a Wikipedia article. He should be mentioned by name. Maybe Igor Anatolyevich Sushchin too.)
    • I've linked both Igor_Sechin and Dmitry Dokuchaev. Sadly I don't have any sources from the FSB about how they feel. We have some light information about the FSB agents targeting 'people of interest to the regime' but nothing that really produces content (and I think it would be a magnet for some fringe contributions)

 On hold pending improvements. Schierbecker (talk) 18:17, 22 April 2024 (UTC)

Wonderful! Thank you so much for your review. I'll pop back shortly to do proper replies/fixes - I suspect that the answer to some of your questions is "Yahoo refuses to give any information about this and thus there are no reliable sources one way or the other", but I can make some changes on the basis of this :) Joe (talk) 12:04, 23 April 2024 (UTC)
Right, I've fixed an array of things and replied to all comments. Apologies for how many of the answers are "There isn't really a source for that" I did do quite a bit of digging... Joe (talk) 18:49, 24 April 2024 (UTC)
Hi, can I check in and see what's left to do? I'm aware that the clock is ticking and I don't want to miss out on the GA because I forgot to respond to a particular comment :) Joe (talk) 06:42, 27 April 2024 (UTC)
It appears that Igor Sushchin is linked to the wrong guy. Will take a look tomorrow. Schierbecker (talk) 07:22, 27 April 2024 (UTC)
Definitely the wrong guy (his age is about ten years different on the indictment compared to the wiki article) Joe (talk) 19:10, 30 April 2024 (UTC)
I've used this source now :)
I've used this source now :)
I found a paragraph I'd removed previously and resurrected it (with your excellent source above)
  • Alexey Belan linked twice. Also who is he? Give a brief background. How did he escape prosecution? Where is he believed to be? Did the U.S. request his extradition? WP:BLPCRIME applies. Make sure that all unproven allegations are presented as such.
So I'm a little nervous here. On the one hand I don't want to add much content for exactly BLPCRIME reasons - all that we actually know is that he's been accused. The other problem is that Belan's own Wikipedia article is magnificently low on content. We could say that he was last known to be in Krasnodar Russia (per https://www.fbi.gov/wanted/cyber/alexsey-belan) but the major issue there is that page is showing signs of having barely been updated since before the breach... Is this in one of the GA criteria or is this more of a 'nice to have' thing? Joe (talk) 11:10, 1 May 2024 (UTC)
I guess we don't know for sure that he fled? Just that his last known location was in Russia? You could say that. Just make sure to attribute this to the FBI. Use Internet Archive to lock down when the FBI said this. Schierbecker (talk) 15:38, 1 May 2024 (UTC)
  • When was the August 2013 breach disclosed?
Fixed :)
I think this is done, I'm not sure. :)
  • Use MOS:DATECOMMA. This article is specific to the U.S., therefore it is obvious we are dealing with U.S. currency. MOS:$.
Done :)
  • "Judge Koh rejected the settlement offer," Need his first name. In this case I don't think his name is important, so it can just be removed.
Done :)

Schierbecker (talk) 20:57, 30 April 2024 (UTC)

  • "Former CEO Marissa Mayer" Should say "Former CEO Marissa Mayer, who was CEO at the time of the breach"
  • Heading should be in sentence case per MOS:HEAD
  • wl Article 29 Data Protection Working Party. Unquote, as it is a proper name. Wl names in image captions. It's not considered overlink. Briefly describe each individual and their relevance to the matter in the captions.
  • "His memoir, written after his release," Try "His memoir published in YEAR".
  • Did Yahoo lose users over this? They had somewhat of an IBM-esque mojo about them: They were bleeding users before this but were mounting a come-back. They had recently purchased Flickr. I remember Mayer being this sort of Sheryl Sandberg-type figure girl boss who went from hero to zero. (did her resignation have anything to do with the security issues Yahoo had under her watch?)
  • What nationality is Yahoo?
  • Yahoo would be more readable in running text if it did not have punctuation.
  • Probably no reason to mention the name of the credit-monitoring service Yahoo offered its users.
  • Should mention Dokuchaev was maybe under arrest in Russia at the time of the indictment. "United States officials said Wednesday that they were not certain if the Dmitry Dokuchaev arrested in December was the same man as the one named in the indictment."
  • "In a letter to Mayer, six Democratic U.S. Senators" Did she respond?
  • "Before trial could commence" Before the trial?
  • "enlisted a Canadian hacker, Karim Baratov, to break into accounts" Try "enlisted Canadian hacker Karim Baratov to break into accounts"
  • "In June 2016, it was reported that account names and passwords for about 200 million Yahoo accounts" Try "In June 2016 account names and passwords for about 200 million Yahoo accounts were listed for sale on the darknet market site TheRealDeal." No comma before TheRealDeal. The source says "supposed credentials". Did further investigation substantiate whether this was real? Was "Peace"'s identity ever tied to an individual (or is alleged to be an individual) named in the FBI's indictment or in other inquiries? See p. 1271 in that pdf. Here Peace seems to claim he's just a data broker and is unsure of the provenance of the material, saying it may have been from 2012. It's unclear if this alleged breach is one of the two this article deals with or a third breach.
  • wl/define the type of attacks used in this breach. Was Cookie poisoning used? I believe I've also seen the term "spear phishing" used to describe what Baratov did. Is there a glossary or wiktionary entry to link to?
  • Relevant. [1] "Mr. Bennett said the F.B.I. was still investigating a separate, larger breach of one billion Yahoo accounts that occurred in 2013 but was disclosed by the company only three months ago. Yahoo has said it has not been able to glean much information about that attack, which was uncovered by InfoArmor, an Arizona security firm." The indictment was filed in February 2017 and unsealed in March: "The Justice Department’s 47-count indictment, which was filed under seal in Federal District Court in San Francisco on Feb. 28, immediately threatened to escalate diplomatic tensions over Russia’s meddling in the November election." Is this true?: "The Russian government used the information obtained by the intelligence officers and two other men to spy on a range of targets, from White House and military officials to executives at banks, two American cloud computing companies, an airline and even a gambling regulator in Nevada, according to an indictment."

Baratov, the only man arrested, was extradited to the United States when?

  • "In late November, Ireland's Data Protection Commissioner (DPC)" This sentence could be split up. "Yahoo was not investigating the breach but just examining it" What's a better way of saying this? That the DPC was unsatisfied with the thoroughness of Yahoo's investigation? "awaiting information from Yahoo on allegations that it helped the U.S. government scan users' emails," a whopper of an accusation (also echoed by Sputnik). Was this allegation connected with either of the two breaches that this article talks about? If so, say so.
  • Worth mentioning? The New York Times reported Wednesday that Yahoo Chief Executive Marissa Mayer “had rejected the most basic security measure of all: an automatic reset of all user passwords, a step security experts consider standard after a breach.”

Instead, Yahoo last week posted an alert on its website asking users who were potentially affected by the breach to “promptly change their passwords,” as well as any security questions and answers used to access their accounts. [2] I'll send a screenshot if you need.

  • Avoid language that is likely to become outdated. (e.g. "including two that work for Russia's Federal Security Service (FSB)").
  • "Marissa Mayer had reportedly denied Stamos and his security team sufficient funds to implement recommended stronger security measures," recommended by who?
  • Single quotes should only be used in news headlines and quotes within quotes.
  • "CEO Lowell McAdam said he wasn't shocked by the hack" CEO of what company? Did Verizon renegotiate the deal as a result of the disclosure, as suggested here?
  • Mayer's equity compensation bonus for 2016 and 2017 was pulled. totaling $14 million. (p. 1279) Lots of good info here.
  • Democratic is capitalized in one instance but not the other.
  • "Yahoo eventually agreed to settle" strike unnecessary word "eventually". "the FBI officially charged four men" strike word "officially".
  • "Yahoo's previous SEC filing on September 9, prior to the breach announcement" The first SEC filing was filed to fulfill a regulatory requirement for the Verizon sale? Should say so.
  • "Verizon only become aware of the 2014 breach just two days prior to the Yahoo's" It should be noted that Yahoo disclosed this to Verizon. (p. 1271, AU Law Review)
  • Identify nationality of Alexey Belan in body at first mention.
  • "After Yahoo was identified by Edward Snowden as a frequent target for state-sponsored hackers, it took the company a full year before hiring a dedicated chief information security officer, Alex Stamos" implies that Stamos was hired to shore up security as a result of the Snowden leak, which highlighted security weaknesses at Yahoo. Was that so? Also the way this was written implies that Yahoo was slow to act on the revelations and that his hiring was overdue? True?
  • That's all the comments I have for now. If you answer these you'll be about 90 percent of the way through this review. I look forward to your edits. Schierbecker (talk) 19:34, 1 May 2024 (UTC)
    This looks great. I’m going to take a few days away from the internet for mental health reasons (happily unrelated to Wikipedia, obviously) but will be right on it when back. Joe (talk) 17:50, 2 May 2024 (UTC)