Home Library Translate
A A A
Share »
Follow us on Facebook Follow us on Twitter Follow us on LinkedIn
Connect »

Blog: Crisis Management

Menu

  • This Blog's Home
  • Guest Writer Submissions
  • Policies
  • To Subscribe to a Blog
  • About
  • Feedback

Yahoo’s Crisis Management after Hack Lacks Key Ingredient

By Jonathan & Erik Bernstein on February 14, 2014

VP Jay Rossiter’s message to stakeholders was missing something important…

Late last month, Yahoo joined the ranks of organizations to have been hit by hackers in 2014. Never good at any time, the fact that the company has already been under fire about an extensive downtime for its Mail service in December, as well as a Flickr outage that left users floundering, means this incident brought an extra dose of reputation damage.

While Yahoo is staying mum on exactly how many were affected, here’s what senior VP Jay Rossiter had to say about the situation in a blog post:

Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.

Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.

What we’re doing to protect our users

We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account.

We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack.

We have implemented additional measures to block attacks against Yahoo’s systems.

What you can do to help keep your accounts secure

In addition to adopting better password practices by changing your password regularly and using different variations of symbols and characters, users should never use the same password on multiple sites or services.  Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks.

We regret this has happened and want to assure our users that we take the security of their data very seriously.

For more information, please check our Customer Care help page.

By Jay Rossiter, SVP, Platforms and Personalization Products

While the explanation of steps taken and the re-securing process are easy to follow for even the average user, can you spot the missing ingredient in Yahoo’s crisis communications?

If you said compassion, you’re on the ball. Not once did Rossiter express compassion for the stress, concern and confusion that affected users undoubtedly experienced. He came close with the “regret” statement, but fell short of actually commiserating with his constituents, a mistake that undoubtedly hurt Yahoo’s overall crisis management efforts.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]

« Previous Next »

Search Our Site

Meet this Blog’s Co-Hosts

Jonathan L. Bernstein, founder and Chairman of Bernstein Crisis Management, Inc. has more than 25 years of experience in all aspects of crisis management – crisis response, vulnerability assessment, planning, training and simulations.[Read more ...]


Erik Bernstein is president of Bernstein Crisis Management. Erik started with BCM in 2009 as a writer and subsequently became social media manager for the consultancy itself as well as for a number of BCM clients before moving to the president position. [Read more ...]

Recent Blog Posts

  • Digital and Online Now Main Source Of News
  • Are You Prepared For 2021? New Crisis Management Survey Out Now
  • Crisis Preparedness and Response Is About To Get Tougher
  • How to Create a Crisis Management Plan to Respond to a Cyber Breach
  • Audi’s ‘Insensitive Ad’, or Why you always ask how else an image could be interpreted.
  • The Road To Crisis Recovery
  • Preparing DURING The Pandemic
  • Coronavirus: What You CAN Control
  • Southwest’s COVID-19 Crisis Communications And What You Need To Be Doing
  • Crisis Manager On The Spot…Quick Coronavirus Crisis Communications Tips

Categories of Posts

  • Avoid the Apology
  • college crises
  • communications
  • conflict resolution
  • Crisis Assessment
  • Crisis Avoidance
  • crisis communications
  • crisis management
  • Crisis Management Quotables
  • crisis planning
  • crisis preparedness
  • Crisis Prevention
  • crisis public relations
  • Crisis Response
  • crisis training
  • customer service
  • cyber attacks
  • cyber bullying
  • cybersecurity
  • data breach
  • Dealing With Media
  • Digital Media Law Project
  • disaster crisis management
  • disaster prevention
  • Disaster Response
  • disease crisis management
  • emergency management
  • Erik Bernstein
  • ethics
  • Facebook
  • food industry crisis management
  • hackers
  • hacking
  • Higher Education
  • hospitality
  • HR
  • information security
  • Internal Communications
  • internet crisis management
  • internet security
  • Jonathan Bernstein
  • Journalistic ethics
  • Law
  • Litigation PR
  • litigation-related crisis management
  • Media Relations
  • media training
  • online crisis management
  • Online Reputation Management
  • political crisis management
  • PR
  • preventable crises
  • privacy breach
  • privacy violation
  • Public Relations
  • recall crisis management
  • Reputation Management
  • Risk Management
  • SEO
  • social media
  • social media crisis management
  • social media policy
  • social media reputation management
  • sports crisis management
  • violence prevention
  • vulnerability audit
  • Weiner Awards
  • workplace violence

Blogroll

  • Bernstein Crisis Management Blog
  • Jonathan Bernstein's HuffPost Blog
  • The Crisis Show

Related Library Topics

  • Assessments
  • Business Insurance
  • Computer Security
  • Coordinating Activities
  • Crisis Management
  • Employment Laws
  • Ethical Analysis
  • Lawyers (Using)
  • Managing Change
  • Marketing
  • Media Relations
  • Organizational Communications
  • Planning
  • Public Relations
  • Risk Management
  • Safety in Workplace
  • Bernstein Crisis Management Blog

Library's Blogs

  • Boards of Directors
  • Building a Business
  • Business Communications
  • Business Ethics, Culture and Performance
  • Business Planning
  • Career Management
  • Coaching and Action Learning
  • Consulting and Organizational Development
  • Crisis Management
  • Customer Service
  • Facilitation
  • Free Management Library Blogs
  • Fundraising for Nonprofits
  • Human Resources
  • Leadership
  • Marketing and Social Media
  • Nonprofit Capacity Building
  • Project Management
  • Quality Management
  • Social Enterprise
  • Spirituality
  • Strategic Planning
  • Supervision
  • Team Building and Performance
  • Training and Development
About Feedback Legal Privacy Policy Contact Us
Free Management Library, © Copyright Authenticity Consulting, LLC ®; All rights reserved.
  • Graphics by Wylde Hare LLC
  • Website maintained by Caitlin Cahill

By continuing to use this site, you agree to our Privacy Policy.X