Late last month Yahoo confirmed a state-sponsored hacker breached data of over 500 million user accounts, making it the biggest hack in history. There's still a lot of uncertainty of who was behind this hack, which occured in late 2014, but now the Internet company suffers another PR disaster as news leaked that Yahoo basically hacked the communications of all of its users on behalf of the US government!
Sources familiar with the matter confided to Reuters that Yahoo created a tool to scan all incoming e-mails for information that may be of interest to US intelligence officials, which includes the NSA and the FBI.
According to the report, Yahoo CEO Marissa Mayer obliged with the US government request to build a custom tool to wiretap all Yahoo e-mail users, a decision that led to the June 2015 departure of Chief Information Security Officer Alex Stamos. The policy may not be limited to Yahoo e-mail accounts, the Internet company also handles e-mails for customers of companies like BT and Sky, so those e-mail accounts are possibly also affected.
Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency's request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.
It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.
In a response to the press, Yahoo spokeswoman Kaitlin Kikalo confirmed the report and said “Yahoo is a law abiding company, and complies with the laws of the United States."
However, it seems Yahoo is the only Internet giant that complied so happily with the request to spy on its users. ARS Technica received responses from Google and Microsoft. The latter denied it's engaged in the secret scanning of e-mail but refused to answer follow-up questions, while Google flat out said they would never comply with such a request:
A spokeswoman for Microsoft, Kim Kurseman, e-mailed Ars this statement, and also declined further questions: “We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.”
For its part, Google was the most unequivocal. Spokesman Aaron Stein e-mailed: "We've never received such a request, but if we did, our response would be simple: 'no way.'"
Apple declined to give a statement but points the press to CEO Tim Cook's official letter on consumer privacy, which reads in part:
I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.