Yahoo Adding Email Encryption After NSA Address Book Surveillance Revealed

Yahoo is finally turning SSL encryption on by default for its email users, after claims the National Security Agency had acquired masses of address books from the company and its rivals.

The latest NSA leaks indicated Yahoo contact lists were far more targeted than others. On a single day last year, the NSA’s Special Source Operations grabbed 444,743 email address books from Yahoo, considerably more than 105,068 from Hotmail, 82,857 from Facebook and 33,697 from Gmail.

Yahoo email targeted

If that was a typical day, the Washington Post reported, the NSA could be collecting as many as 250 million address books a year from email and instant messaging bodies.

These contact books don’t just contain a name and an email or IM contact, but address and telephone details too.

The reason why Yahoo is being targeted far more than others may be because of its lack of SSL by default, which provides encryption around communications. Starting in January, it will encrypt all of its users’ email, a spokesperson said.

The other providers named in the report have all had HTTPS communications turned on by default for some time.

Facebook and Google said they were unaware of any NSA targeting of their users’ contact books, whilst Microsoft said it “would have significant concerns if these allegations about government actions are true”.

It appears the NSA is harvesting the data when it is in transit, not at rest, by tapping pieces of Internet infrastructure. If true, it would not have to collude with any of those Internet giants to get at the data.

Whilst Yahoo has proven it fought US intelligence data requests vociferously in the past, the company has faced criticism over its security.  It was lambasted for offering security researchers a $12.50 voucher for finding vulnerabilities last month and subsequently pushed out a full bug bounty programme.

Its email users were left open to attacks earlier in the year, thanks to some failed software patches.

Are you a security expert? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago