Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.
The company complied with a classified U.S. government directive, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said two former employees and a third person apprised of the events.
Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to a spy agency’s demand by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.
If true, then the advice for the privacy-conscious is clear: close down your Yahoo account.
After all, how could you ever trust Yahoo again?
Remember, this news report comes hot on the heels of Yahoo revealing that criminals hacked into its systems two years ago and stole the account details of at least half a billion users, and that it chose not to reset users’ passwords when it had the chance.
And now we know why Alex Stamos quit as security chief at Yahoo to join Facebook:
Some Yahoo employees were upset about the decision not to contest the more recent directive and thought the company could have prevailed, the sources said.
They were also upset that Mayer and Yahoo General Counsel Ron Bell did not involve the company’s security team in the process, instead asking Yahoo’s email engineers to write a program to siphon off messages containing the character string the spies sought and store them for remote retrieval, according to the sources.
The sources said the program was discovered by Yahoo’s security team in May 2015, within weeks of its installation. The security team initially thought hackers had broken in.
When Stamos found out that Mayer had authorized the program, he resigned as chief information security officer and told his subordinates that he had been left out of a decision that hurt users’ security, the sources said. Due to a programming flaw, he told them hackers could have accessed the stored emails.
Of course, it’s possible that the FBI or NSA asked other webmail companies to provide similar assistance, and that they simply haven’t told us yet.
Remember, if you use a free service for your email, your privacy is never going to be your email provider’s highest priority.