On July 25th, 2016, Verizon made its formal offer to buy Yahoo for $4.8 billion dollars. We had questioned what value may or may not have remained. Although valuations were high due to Yahoo’s stakes in Alibaba and Yahoo Japan, the company’s market share and user base have been dwindling due to superior offerings from competitors that not only work hard to remain relevant, but also continuously innovate. The revolving door at the CEO position starting in 2009 highlights that the focus on shareholders and creating value were at the forefront, while optimizing infrastructure and services was a critical yet neglected component of Yahoo’s systems. As it is known that at least 500 million user accounts were pilfered through the end of 2014, this would be the time to truly take stock of what could have been done to prevent what Symantec claims is the largest known security breach yet.
With continued advancements for readily available compute, minimizing risks around facing a breach require significant investment in technology and processes to keep up with malicious actors (state sponsored or otherwise) needs to be a top priority for any organization that conducts business using an element of the Internet. If a company that once was a powerhouse in search farms out its search bar to the highest bidder, what do they do with the profits? Do they procure intrusion detection and/or prevention solutions, monitoring solutions, and complementary security solutions to the tune of $1.1 billion dollars, or do they buy a blogging site and promise not to screw it up? History has already spoken under the direction of the winner of the most golden of parachutes ever. Do not protect and enhance the security of the user base; buy something that would see a reduction in user engagement if extensive efforts to litter the pages with ads to increase revenue were enforced.
The fallout of this hack is going to take years to play out. While Verizon did well with prior acquisitions of companies and properties that fell out of favor, Yahoo is an anomaly that required a far more sweeping analysis before tendering an offer. If what valuable IP they have remains, Microsoft would have circled back and offered pennies on the dollar for it. While the Verizon buyout total is far less than the $53 billion offered by the folks in Redmond in 2008, it’s still more than should realistically have been offered. From an information security and information technology perspective, this will make for an interesting use case in future studies.