Yahoo has reportedly searched through all of its users’ incoming e-mails with a secret software program that’s designed to ferret out information for US government agencies.
The software program, which was created last year, has scanned hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, according to a Tuesday report from Reuters.
Yahoo reportedly created the program to comply with a US classified government directive. It’s unclear if the mass e-mail searching program is still in use.
“Yahoo is a law-abiding company and complies with the laws of the United States,” the company said in a statement.
The mass e-mail searches might go above and beyond other US government requests for information. Internet and telecommunication companies have handed over customer data before, most notably under the NSA’s PRISM surveillance programme, which was publicised by whistleblower Edward Snowden.
However, the Yahoo initiative was especially broad and reportedly required the creation of a custom software program that could search through all the incoming e-mails in real time.
It’s unclear what US government agencies were exactly searching for and if Yahoo handed any information over. But the company was querying for a “set of characters,” possibly a phrase in an e-mail or attachment, according to Reuters. Both the NSA and the FBI didn’t immediately respond to a request for comment.
Reportedly, a former Yahoo chief information security officer, Alex Stamos, resigned when he found out about the program had been authorised. The mass e-mail searching was so secretive that not even Yahoo’s own security team was unaware of it, according to the news report.
The security team didn’t discover the program until May 2015, initially assuming hackers had broken in.
Stamos didn’t immediately respond for comment. But he reportedly told his security team that a flaw in the secret program could have allowed hackers to access users’ e-mails.
News of the Yahoo mass e-mail searching comes after the company reported a massive data breach affecting 500 million user accounts. The company has blamed the breach, which originally occurred in 2014, on a “state-sponsored actor,” although some security experts suspect cybercriminals may have been the actual culprits.
IDG News Service
Subscribers 0
Fans 0
Followers 0
Followers