Yahoo is expanding its efforts to protect its users’ online activities from prying eyes by encrypting all the communications and other information flowing into the Internet company’s data centres around the world.
The commitment announced Monday by Yahoo Inc. CEO Marissa Mayer follows a recent Washington Post report that the National Security Agency has been hacking into the communications lines of the data centres run by Yahoo and Google Inc. to intercept information about what people do and say online.
Yahoo launched a bug bounty programme on Friday following the scandal that unravelled last month, which saw a security firm rewarded with a $12.50 Yahoo Company Store voucher for uncovering a security flaw.
In what is good news for security researchers, Yahoo said that the bounty programme will now pay up to $15,000 to ethical hackers who find vulnerabilities in its web services, a much bigger reward than its previous policy of offering a company t-shirt.
British and US intelligence agencies managed to tap into the connections between data centers run by Yahoo! and Google, and in one month this year slurped 181,280,466 records, including metadata and the contents of communications, according to new documents from Edward Snowden.
A report dated January 9, 2013, from NSA’s acquisitions directorate, detailed the operation, dubbed MUSCULAR, in which operatives from the NSA and Britain's GCHQ tapped the fiber-optic transmission cables from the non-US data centers run by the two firms.
Yahoo revealed today that it will dole out rewards of up to $15,000 (and starting from $150) to individuals and firms that inform the company of bugs and vulnerabilities classified as new, unique and/or high-risk issues, as part of an updated vulnerability reporting policy.
This is a huge change from what Yahoo has been giving to researchers who have discovered bugs and reported them to the company: a t-shirt. Just a few days ago, Graham Cluley reported that researchers at High-Tech Bridge were rewarded with a $12.50 voucher to buy a corporate t-shirt.
Yahoo has raised the ire of security researchers after handing out a measly $US12.50 each for flaws found in its websites.
Web and software companies offer so-called bug bounties, paying third-party security researchers for flaws they find in their products. Google, for example, regularly pays out bounties in the hundreds or thousands of dollars.