Yahoo Inc. in 2015 “secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials,” according to a new Reuters article.
On behalf of the National Security Agency, the company scanned “all arriving messages” of “hundreds of millions of Yahoo Mail accounts” for an unknown “set of characters,” such as “a phrase in an email or an attachment”), according to Reuters.
“The demand to search Yahoo Mail accounts came in the form of a classified directive sent to the company’s legal team,” the Reuters article said, citing three sources who were “familiar with the matter.”
“Experts said it was likely that the NSA or FBI had approached other Internet companies with the same demand, since they evidently did not know what email accounts were being used by the target,” Reuters wrote. It’s not yet known, however, whether any companies — if asked — chose to comply.
“Yahoo is a law abiding company, and complies with the laws of the United States,” the company answered Reuters’ request for a statement.
Late last month, Yahoo Mail suffered an entirely unrelated data breach whereby infamous cybercriminal Peace hacked 200 million accounts ahead of the company’s merger with Verizon.
Peace — known for previously selling LinkedIn and Myspace data dumps — made public his intention to sell the stolen Yahoo Mail credentials on TheRealDeal, a darknet marketplace, for 3 bitcoins (which at the time was worth $1,860).
Asked for his motivation, Peace told VICE’s tech-focused subsidiary, Motherboard, “Well fuck them they dont want to confirm well better for me they dont do password reset.”