Yahoo Breach News Just Another Fail in the Year of the Hack
Dramatic hacks lead to headlines but don’t change consumer behavior
Yahoo’s disclosure of a massive data breach is another in a long line of security failures—in a year that might well go down as the year of the hack.
Late Wednesday, Yahoo announced that it had suffered another hack, this one compromising the account details of more than 1 billion users. The intrusion occurred in 2013, it said, and was separate from a previously disclosed hack that exposed the data of some 500 million users.
But will this hack, any more than the roiling debate over Russian interference in the US election, change the way that users behave online? Or are consumers so wedded to easy access to devices, services and platforms that they won’t change their ways?
eMarketer’s take is that the effects are likely to be minimal in the long term, although there may be immediate impacts.
“Data breaches in the past have had real but transient effects on the companies involved,” said analyst Yory Wurmser. “Think about the Target data breach in late 2013, which hurt holiday season sales and led to the ouster of the CEO.”
But longer term effects, he noted, have been muted—thus far, at least. In the case of Target, as an example, revenue has grown, albeit only by a small amount (1.9% in fiscal 2014, 1.6% in 2015), in the wake of the breach.
“I don’t see the Yahoo disclosure limiting ecommerce too much,” Wurmser said. “But I do see greater consumer skepticism of companies that track and store private information. This may push the ‘freakiness’ bar lower for some devices and services. For instance, I could see adoption of wearable technology or home assistants growing more slowly as people become more aware of how much of their personal data is tracked, and how shaky the security of that data is.”
eMarketer analyst Nicole Perrin sounded a similar note: “I think the Yahoo hack is a good example of why people don’t find it worthwhile to do more to protect themselves from breaches like this. Passwords were stolen, but they were hashed, so they’re relatively protected compared to other data that was stolen—including security questions and answers, which are also frequently reused across different sites.”
There was essentially nothing users could do to protect themselves from this hack other than not having a Yahoo account, Perrin noted. “But Yahoo has long been a huge and trusted internet firm, so the message is that you can’t trust anyone. Which means you can’t use normal email service providers, which is a pretty unreasonable thing to expect of typical consumers.”
The bottom line, she said: “Asking consumers to truly protect themselves would be asking them to stop interacting with major institutions that are embedded in normal contemporary life.”