Amid revelations of hacking and spying, Yahoo disables email forwarding

Users who had already set up their email-forwarding service before this month are unaffected, but those who wish to begin forwarding messages now are unable.

Dado Ruvic/Photo illustration/Reuters
A smartphone screen displays the Yahoo Mail logo in front of a code. Following a massive hack and revelation of US government reviewing message contents, Yahoo email users reported this month that they can no longer set up email-forwarding.

After back-to-back revelations that hackers had compromised a staggering 500 million Yahoo Mail accounts and that the company had complied with a US government request to open incoming emails for surveillance, some users are having a hard time switching to any of Yahoo's competitors.

While it remains unclear how many users intend to leave over the privacy concerns and bad publicity, several told the Associated Press that their ability to do so has been hampered since the beginning of the month, when Yahoo disabled its automated email-forwarding option.

Those who had already set up their forwarding are unaffected, but those who wish to begin forwarding messages now are unable.

"This is all extremely suspicious timing," Jason Danner, who owns an information technology business in New Zealand, told the Associated Press. After 18 years using Yahoo, Mr. Danner is trying to switch.

Yahoo declined to comment beyond a three-sentence notice on its website describing the feature as "under development."

"While we work to improve it, we've temporarily disabled the ability to turn on Mail Forwarding for new forwarding addresses," the undated statement says.

This development comes after the embarrassing announcement last month that a state-sponsored adversary, which the company did not name, had stolen users' names, email addresses, passwords, phone numbers, birth dates, and security questions in late 2014, as The Christian Science Monitor's correspondent Jaikumar Vijayan reported:

In Yahoo's case, the company's failure to disclose the breach for nearly two years suggests that it did not have adequate breach detection and response capabilities or that it remained mum despite knowing about it.

Either way, the consequences are likely enormous. The leak has given hackers 500 million new keys to try and break into organizations says Rajiv Gupta, chief executive officer of security vendor Skyhigh Networks.

Many of the username and password combinations may not work or lead nowhere. But some of them will lead to sensitive information, as users tend to reuse login credentials.

Then, last week, Reuters reported that Yahoo had secretly built a custom software program designed to search all incoming email for terms provided by US intelligence officials, scanning hundreds of millions of its customers' accounts on behalf of the Federal Bureau of Investigation or National Security Agency.

"It is deeply disappointing that Yahoo declined to challenge this sweeping surveillance order, because customers are counting on technology companies to stand up to novel spying demands in court," Patrick Toomey, an attorney with the American Civil Liberties Union, said in a statement. Mr. Toomey described the request as "precisely the type of general, suspicionless search that the Fourth Amendment was intended to prohibit."

Already facing a class action lawsuit over its massive hack, Yahoo could face additional legal challenges over its complicity in government surveillance, as the Monitor's Jack Detsch reported last week.

"It does certainly dovetail with our allegations," Stuart Davidson, the lawyer in the class-action case, said. "What I find most interesting is that, if the story is true that Yahoo has been giving the government access to user emails, Yahoo cannot blame criminals this time. This one is all on Yahoo."

Merissa Silk, an American expatriate mobile product manager living in Sydney, said there is an expectation that some surveillance happens in secret all the time.

"But providing the US government unrestricted access – that really, really violates our privacy," she told the AP.

Ms. Silk said she has skipped Yahoo Mail's email-forwarding feature altogether and decided, instead, to leave an out-of-office message that cites "recent data and privacy breaches" then provides customers with her new address.

Material from Reuters and The Associated Press was included in this report.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.