The latest alleged leaks regarding the US intelligence agency, suggest the NSA grabbed 444,743 email address books from Yahoo in one day.


Yahoo Mail Security

The latest NSA leaks indicated Yahoo contact lists were targeted more than others and by a large margin. On a single day last year, the NSA’s Special Source Operations harvested 444,743 email address books from Yahoo; which is significantly more than the 105,068 from Microsoft’s Hotmail; 82,857 from Facebook and 33,697 from Google’s Gmail.  If that was a typical day, the Washington Post reported, the National Security Agency could be collecting as many as 250 million address books per year from email and instant messaging companies.  These contact books don’t just contain a name and an email address, as if that wasn’t enough data, but also contains address and telephone details too.

Maybe the reason why Yahoo is being targeted more than other providers is because of its lack of SSL by default, (SSL provides encryption). That, however, is about to change. From January 2014, Yahoo will encrypt all of its users’ email, a spokesperson has said.  The other providers named in the report have all had HTTPS communications turned on by default for some considerable time.  Microsoft said it “would have significant concerns if these allegations about government actions are true”.  Both Google and Facebook said they were unaware of any NSA targeting of their users’ contact books.   It appears the NSA is harvesting the data when it is in transit, not at rest, by tapping pieces of Internet infrastructure. If this were true, it would not have to collude with any of the targeted companies mentioned, to get at the data.

Whilst Yahoo has proven it fought US intelligence data requests noisily in the past, the company has faced recent criticism over its security. Yahoo email users were left open to attacks earlier this year, due to failed software patches and the company was lambasted for offering security researchers a $12.50 voucher if they could find vulnerabilities last month and subsequently employed a full bug finding programme, with bounty resulting for their efforts.

[Image via: leaderpost]