One benefit of these incidents at Yahoo! is that they represent salient, clear examples of the cost of poor information security. CIOs and security directors will be able to point to this deal as evidence that poor security can have material impact on the business and destroy massive shareholder value, even years after the fact. A 6.5% intra-day dip sends a clear message. Even a CFO can now see that information security should be viewed as vital insurance that directly impacts shareholder value.
This is a really important point. Yahoo!'s troubles help make a quantitative point to people who care only about money.
Having been in the role of advocating investing in security the typical questions are;
* "Will the product run faster?",
* "Will the customers get better service?",
* "Will someone choose us over a competitor
because of this?"
Generally 'no', 'no', and 'hard to quantify' so the answer to the funding request is "Sorry, not at this time."
But if you can say, "When you try to sell this company to another company, the strong security policies and technology this funding will provide insurance against having a security breach like Yahoo! and tanking the sales price."
Now that resonates because they probably have a lot to win or lose over the sales price of the company in a merger/acquisition strategy.
"Its a few million now, but without it, it could cost you billions of personal wealth down the road. Now who's in?"
Isn't the answer to "will the customer get better service" a definitive "yes"? I mean, obviously it depends on the UX of said security feature(s), but generally speaking, more secure == better. Right?
Not necessarily, lets say its just "security debt." Start with something like "we built this system with MD5 passwords in the user rows of a database that includes a bunch of other information" And 10 years go by and you (the guy who worries about security) realizes that hey, rainbow tables can be really really big these days, perhaps MD5 isn't the answer anymore.
So you go to the annual planning meeting and you pitch to the execs ,,, We want to take 5 engineers to first fix the password encryption we are using, second to update all the databases, third to build and test a system that makes swapping out the encryption method of passwords easier and less disruptive in the future, and finally updating the build system to do some sort of regression test on passwords to insure we aren't creating new services with weak algorithms.
The person after you pitches ... we'd like to take 5 engineers to build an algorithm to identify viral videos on the web and then put them into an iframe on our properties, thus increasing the length of time someone spends on our web pages which early A/B testing with some hand picked videos suggests increases revenue per page by .5%.
They give the 5 engineers to the kitten project it makes for more revenue.
A year goes by, the security guy pitches and the second pitch is "Our videos are doing great but we have discovered that people really hate that it takes three clicks to change their preferences on page layout. We want the 5 engineers to tweak the portal pages to make customization easier and we'll add a frictionless ad portal where they can just click on a product that appears and it will order it for them."
The updated portal gets the 5 engineers.
Now they are at a due diligence meeting with a potential suitor who discovers that millions of passwords were breached and later compromised because for years they knew they were using an insecure way of storing them but had not done anything about it. This materially affects what they consider the 'value' of the company to be.
The challenge is that if the security guy is really good the customers don't "see" anything, just their password is better protected than it was, and future projects start with strong password management systems. So from the people visiting the web property "nothing" changes. From the executive planning group's perspective they have spent 5 precious head count on a feature that they will have no way of "reporting" its success either in their own resumes or to their bosses. Kittens and better click through? Easy to measure and report and you can point at dollars in the bank as the benefit.
Not really. Passwords are a pain in the ass - and every new complication adds bugs. Things were a hell of a lot easier when you could just put something up and not worry about security.
That said, the alternatives are much worse than the price of security.
It's great if the higher up executives / managers starts valuing security, and are more open to the idea of reallocating more company resources (employee time) accordingly.
How will this pragmatically trickle down to middle managers and their subordinates? With politics and personal incentive that are potentially unaligned with the company's long term interests (not having a data breach), will more resources actually be spent on security?
The return on investment of information security is not obvious / tangible, especially on a quarterly basis. Data breaches are "black swan" events, rarely occurring but with disproportionate consequences when they do occur. It's harder to quantitatively track progress, or lack thereof, of investment into security.
People can (over) claim the amount of time reallocated to security. These claims would be hard to falsify. Teams who are behind on other deadlines can blame time being reallocated to information security. Managers can use the purported reallocated time to spend on feature work, or whatever it is that makes them look objectively better for promotion.
I admit I'm being a bit cynical. I think company culture would help mitigate these issues. Executives valuing information security, even if it's just words rather than policy, nurtures such a culture.
From the top down, executives need to communicate that it is a company priority. Even better if they can make it a cultural thing, instead of an afterthought. A lot of the time, engineers just don't know best security practices or in the case of web development, common exploits[0].
For middle management and below, if upper management doesn't care about security, despite the "look at Yahoo" argument, then you'll find no leverage there for security funding. If they care at all, then managers and individual contributors can argue for security to stand out and accelerate their career. Yahoo's security troubles brighten the spotlight on the need for security funding at companies for training, audits, and setting aside time to do retroactive security work. It's not a silver bullet, but it helps.
I believe the cost to Target was quantifiably roughly US $300 million.
Some people say it materially affected their brand value but outside of the costly downtime during the holiday sales period I am not certain it affected their brand much if at all.
I didn't down vote but lots of devs don't have that sweet luxury to not be held accountable for what they're working on in quantitative business terms.
A strong security posture is not a perfect security posture. It seems likely that someone will invest in security, get hacked anyway in a really sophisticated way, and feel that they wasted all that money.
BitSight provides a service that quantifies the security of a company based on publicly visible data. Even now it is being used for underwriting insurance and for evaluating alternative partners.
Other sources [1] estimate the impact on Yahoo's core business, after subtracting out Alibaba's stock movements, at about $1.3B. On a $4.8B deal, that's about 27%.
The drop seems excessive to me, even taking into account BABA's daily performance. Bought some shares but didn't bother hedging against BABA so it's essentially an investment in BABA and baby arb, would definitely look into more serious hedging if I were managing more capital.
If buying IP means that you're buying a codebase so full of security holes that it'll likely result in a billion dollars worth of lawsuits in the future, a billion dollar drop in valuation is rational even if the existing valuation is negative.
Consider how one sometimes says "the chairs in the building are valued higher than the stock"--like, it's so low that the actual stuff they have is worth more than that even after liabilities.
Yeah I mean the cost has always been there but this is the first time I recall lots of media coverage around the reality that incidents like this can cost billions, seems like it's finally sinking in.
I wonder how much this is influenced by shows like Mr. Robot where the entire plot revolves around infosec bringing down the world's massivest corporation.
Of course Mr. Robot could itself be a symptom of the zeitgeist.
I don't think many people understand what computer security means either way and to get a qualitative answer, you need to know about almost every aspect of development AT A PROJECT LEVEL. what is a potential buyer going to ask, "how's your computer security?" - "it's great, ok"
That's a part of it, but we've seen other examples like Target, without a lot of real change.
The problem is that it's hard to evaluate security. Unless you know the area very well, it's hard to hire someone that knows the area well, which is a catch-22.
Do we know that Yahoo skimped on security, or did they just not get what they paid for because they didn't know better?
>> they represent salient, clear examples of the cost of poor information security.
I'm seriously flabbergasted that they continue to let this happen. The last time you would've thought head would roll, they would batten down the hatches, notify users and be completely proactive in defending against another attack.
To me, it looks like they just said, "Well, fuck it, it won't happen again, why invest the time and money to protect our users?" I'd also point out the breech they're referencing was from 2013 so any data that was pilfered has already been running wild on the underground and been passed around a few thousand times. Another reason it just shows they don't care at all.
After this, no investor should touch this company with a ten foot pole.
As you mentioned, this breach is from 2013, so no matter how much they've stepped up their infosec game since the last breach the damage was already done.
The delay in them discovering the breach isn't that alarming either. If you didn't have systems in place to detect an intrusion, how do you retroactively find one? Companies usually don't find out until law enforcement contacts them or they accidentally stumble across the backdoor.
So, does Yahoo still have poor infosec? I'd guess so. But this newest breach isn't evidence of that, it only shows how bad their security was in 2013.
The stock price is a paper loss, it means nothing if Yahoo is acquired for the full purchase price Verizon asked for. So it remains to be seen if there's any meaningful punishment by the market for these kinds of breaches. Even if 6.5% stands, it's basically saying the per user value/cost of the breach is about a quarter (as in the coin).
The article is about Verizon threatening to pull out of the deal, or use the breach as leverage to secure a lower price. The market thinks that may happen, hence the fall in price.
Even if Verizon end up paying the full price, the fact that investors really worried that they wouldn't is enough to share future companies.
To be fair it's a post Snowden world and it's clear everyone is doing this. Amazon, Google, Microsoft, Apple, and everyone else who operates in the USA are giving the NSA everything.
If you care about your data you are basically only able to secure it if you host it yourself.
Even then, if you're a big enough target, how confident can you be that Dell or Cisco or Intel or AT&T or Seagate aren't giving them a backdoor into your operation anyways?
It's pretty revolting, but my assumption is that if the US government _really_ wants your data, it's virtually impossible to block all the vectors they have to get at it.
or how about ... "if you care about your data, don't put it on the Internet. If you do, use E2E encryption."
It's important that people also don't fall into the illusion that their Infosec skills can match that of google/apple engineers. These guys are some of the best there is.
Yahoo controls 8% of search traffic and costs $4bn. Google controls 64% of search traffic and costs $558bn. That's a 17-fold difference in the price for 1% of the traffic. Even more if you take US search traffic only (to exclude Yahoo Japan).
Verizon can get rid of the costly parts of Yahoo (mostly its media business) and have its own small Google to make cash. That was $1.8bn per year in 2015, while Yahoo's overall revenue stands at $3.9bn (Asia excluded). So Verizon buys the company at 1x revenue.
Yahoo! earns less than Google per search [1], has few other properties, is trashing its already-moribund brand and keeps growing its legal liabilities. Consider, too, the political/headline risk Verizon would inherit.
Yahoo! (like Twitter, in my opinion) may only find a buyer in that sort of financial purchaser who doesn't mind looking bad resurrecting corpses. Unfortunately, those bidders are notorious low ballers.
Private equity turn around guys that slash the employee base, take on massive debt, restructure everything but often extract a lot of value. I can see it happening.
However, they are hemorrhaging money. You don't generally buy for revenue unless you're buying a small startup, where the growth rate is exponential and you'll become profitable once you hit economies of scale.
Yahoo has already ostensibly hit economies of scale, is stagnant in terms of growth, and is losing both money and eyeballs. What part of that is attractive to the balance sheet? You might not even be able to milk it to its demise, as it's currently unprofitable.
I don't know man. but if you loan me $4bn I will buy Yahoo and run it myself. I too don't understand how they can't make Yahoo a success. They have a couple of great products that people use like Fantasy sports and Finance.
And mail would be just fine if they'd remove all the crap so it would run faster.
Lots of non techy still uses yahoo mail, and that won't change as long as the service exists.
I dunno - I feel like it's committing Dunning-Krugers to say, "Just run Yahoo! better, sheesh." because there's a ton we can't see on the surface of the company, looking in, that the business currently has to cope with.
If anything, these two hacks being announced years later, along with their voluntary NSA backdoor, demonstrates that Yahoo! has skeletons in their closet.
It is, but at this point what have shareholders got to lose? By the way, I'm available. I went on record in my book 21 years ago that Yahoo was my favorite web directory (the term 'search engine' hadn't been coined at that point) so I've been following Yahoo since not long after it was a gleam in Jerry Yang's eye. At this point I figure that makes me as qualified as anyone else to run it.
Inquiries to my username...@gmail. Go on Yahoo board, ask me why I switched and you might learn something useful.
User metrics may not look so great. I have no idea what Yahoo's are but over the next few years most of those mail users are going to be accessing through the phone or checking their webmail a handful of times a year until they forget they have it. They could keep habitual users for decades but that won't be worth billions of dollars.
I used the phrase "management assisted suicide" recently, which basically means figuring out how to maximize return to shareholders given a future that guarantees death.
That's probably completely wrong. The patent landscape has changed dramatically in the past 5 years.
The likelihood they could extract significant sums of money from these patents drops every day.
I mentioned this in another comment but how does Yahoo even know that its intellectual property wasn't taken?
Is it unreasonable to suspect that a company that has had multiples breaches of security of this extent might also not have had its IP taken out from underneath them as well?
when you patent something it's always in the public domain, that's the point of patents, except that the ownership isn't public domain just the knowledge of a particular tech. but yes, nothing guarantees that tech they had in the pipeline isn't being stolen right now.
but if the details of a patent have been stolen the patents still have value, except for when the exact implementation of a patent can be circumvented due to access to plans.
First assumption, other costs are negligible: no, I'm not. Every dollar spent on salary is a dollar that doesn't go to profit.
Second assumption: letting 80% of staff go won't hurt. For that, I simply have to describe what I've heard from friends / coworkers / scuttlebutt about working at yahoo. But there are a lot of eng doing maybe a couple hours of work per day.
Y! search marketshare is falling. I don't have the numbers in front of me, but I seem to remember their search revenue falling faster than marketshare, ie even their revenue per search is declining. Lots of Y!'s money from display/brand advertising on their site families, which is why Y! mail is so crucial. Unlike google where display ad revenue is on other sites, Y display ad revenue is on their sites: mail, dating, news, finance, sports, etc. Y! mail in particular was a key leg of this monetization strategy which is why its neglect is so appalling from a financial perspective. See also the giant RMX fuckup -- Y! should have been ADX/appnexus but yahoo did what yahoo does.
Grandparent was using "for" as in "per". The 1% is irrelevant. It could be any unit of search.
"That's a 17-fold difference in the price per 1% share"
"That's a 17-fold difference in the price per 8% share"
"That's a 17-fold difference in the price per search"
Search ads are the majority of google's revenue. They make money on ads embedded on other pages but nothing like they get from search ads.
Searches are also what drive relevance on other pages' embedded ads. Because you search on Google, they know how to target ads when you are browsing elsewhere.
They are way more effective than basically any other form of online advertising, because the user has effectively just typed "I have intention to purchase X" into the search engine, and you as the advertiser get to be the first result they see.
(Also most people honestly don't know the difference between sponsored results and real search results)
A search ad is worth way more. Someone browsing the news isn't necessarily looking to spend money. A person searching for a book title(or any item or category) is probably looking to buy it. That data, intent data, is the key to their success in ads, because the person seeing the ad is way more likely to convert
That's like saying Apple is worth $600 billion, Motorola is worth "only $12 billion", but has 1/10 of Apple's market share, so therefore it must be a great deal to buy Motorola. Wait, actually that's exactly what Google thought - and they quickly saw the error in that sort of thinking after they purchased it.
Do you see how that argument is flawed? Leaders in a market tend to be worth much more and have much higher profits than even the 2nd player in the market, let alone the third or fifth. When you have a small percentage of the market, it's also much more difficult to make something out of it, than it would say for a market leader to go from 30% market share to 50% market share (and billions of dollars more in revenue).
We could repeat the argument for a small social network that has a much lower market value than Facebook per user, and so on.
I don't recall any analysis of the Google/Motorola deal pointing to a rationalization like this. I do recall Motorola's CEO announcing on an earnings call that if Motorola didn't soon find market sucess with Android it would be willing to start suing other Android ODM partners with its patnet portfolio. Given how quickly Google cancelled all its other product lines, and even sold off the cable box and network equipment business, and then finally sold to Lenovo, it seems like it was always clear in retrospect that Google bought Motorola to peaceably unwind without causing a civil war to the whole platform ecosystem they were building. That being said, I think you did very accurately call out the parent comment's reasoning and exactly what's wrong with it in cases like this. When companies are at a deep, deep discount to their market-leading peers there's usually a reason.
This isn't a good comparison. Google specifically bought Motorolla to use their patent portfolio as a cudgel to keep all the other Android OEMs in line.
> Google specifically bought Motorolla to use their patent portfolio as a cudgel to keep all the other Android OEMs in line.
Not just Android OEMs but other tech giants - remember this was not long after the Nortel/Rockstar episode. The patent cold war was heating up with proxy battles and occasional direct skirmishes; Google found itself with a 'patent-gap'. Fortunately things are much saner now after a change of management at several belligerents.
I thought they sold Motorola because all the other OEM's were threatening mutiny, specifically Samsung was creating their own OS bec they were worried about being priced out of the market.
I question the long-term value of being the 3rd or 4th biggest fish in the pond. I mean it's not chopped liver but the gap is always gonna be widening due to network effects.
OK, what's it going to take to keep tumblr running? That's literally all I care about here. Everything else in Yahoo can be gotten or done elsewhere, but tumblr's a social network, so there's value in preserving those connections.
Tumblr has insanely high operating costs and practically no revenue stream. Yahoo has spent a lot of time and money (while fighting with Tumblr people) to get these costs down, but much of that work would be undone to separate Tumblr from Yahoo.
So much of Tumblr's traffic is comprised "non-monetizable" porn sites that Yahoo foots the CDN bill for, which does nothing to build the brand or the social aspect of the service. They can't truly crack down on it though, because that would reveal the truth: there isn't that much real use to justify the spending.
> So much of Tumblr's traffic is comprised "non-monetizable" porn sites that Yahoo foots the CDN bill for
I'm curious why you find pornography to be non-monetizable. It's a $97 billion dollar industry, and is probably easier to directly monetize than a random mishmash of personal blogs because adult sites tend to focus solely on a single fetish, and there's a clear standardized categorization of such.
Tumblr does not display ads on pornographic content. It is not something that Yahoo is willing or able to monetize, and yet it represents a substantial amount (perhaps the majority) of the cost of operating Tumblr.
Maybe a future operator of Tumblr would feel differently -- but I think it would be difficult to monetize both sets of content simultaneously.
> I think it would be difficult to monetize both sets of content simultaneously.
I'm not really certain why you'd feel that way. Most ad agencies simultaneously have an adult wing and a mainstream wing because the truth is... most people in the world are adults, and sexuality is a large part of what we consider the human condition.
It's only natural that you'd pay for services and products to aid in that.
What's not done is mixing the content verticals. You have pornographic content, then you advertise Adam & Eve products, paysites, or one of the many clothing distributors that will never be seen in a local mall.
Ironically, since tumblr lets' you use your own templates---some people are successfully doing upsells via Tumblr using "in house" advertisements for companies.
Well, they can't crack down on it because a significant amount of Tumblr's actual users are there for porn (both fanart and "regular" porn), at least in part, and would see doing so as censorship and being disconnected from the community.
Why Tumblr has such high costs? It doesn't seem to warrant complicated infrastructure like search or Flickr. It shouldn't require 100s of people to maintain. A tons of eyeballs should translate to very significant revenues here.
For me, it's Flickr that I would be annoyed losing. Not so much for my own photo hosting which is easily moved elsewhere. Everything is local on Lightroom anyway and I basically never use the social aspect of Flickr any longer. But Flickr is a great repository of other content, including a great deal of Creative Commons and public domain, that AFAIK isn't available with nearly the quantity or curation elsewhere.
Maybe Google would buy given that it's pretty much bombed out on photo sharing itself.
But imgur and reddituploads are serving a different purpose? They are both just image sharing (no one cares if it is low quality). However, Flickr is for photographers who want high quality images and EXIF info etc.
imgur is now a social network. It has long since de-emphasized being an image sharing tool. Almost all actions are now geared toward sharing images inside imgur, and not externally. They just added following and messaging capabilities. Imgur doesn't compete with flickr, it competes with reddit, twitter and facebook.
I use Flickr's API to drive some arts related websites. I also appreciate that Flickr stores (and exposes, with your permission) EXIF data. It doesn't overcompress images, and you can access the full resolution that you upload to.
I really haven't found anything else quite like it, and I would hate to see it go away. I've been paying for my pro account for the last eight years.
SmugMug at least used to be considered a good alternative. They became less attractive after a pricing change a few years back but I haven't really looked carefully for a long time. My main requirement is that I can essentially just set up a new publishing channel from Lightroom and press "Go" (which I believe I can do with SmugMug).
But, yeah, it was popular for a time to dump on Flickr because they hadn't really moved forward. But truth be told, it pretty much does the job for me the way it is and I don't want a whole bunch of social stuff dumped on it.
It's a social network, not a blogging platform. You have a consistent identity across the entire site, including everyone else's blogs that you comment on. It's closer to Facebook (with a larger focus on writing original posts) than it is to WordPress. If you were around for LiveJournal, it's more like that.
Tumblr has a huge community and there are a large number of niche topics that have their biggest communities on Tumblr.
> If you were around for LiveJournal, it's more like that.
LiveJournal is a good comparison here - it never went away, is still popular in some communities (Runet), and is not worth very much money because most Internet users in the United States that advertisers care about decided to move on to other social networks.
Blogs don't stand on their own, part of the popularity of it is the easy re-blogging and propagation of popular posts, both for memes, discussions, and occasionally fictional collaboration. It's like Livejournal in that regard.
Perhaps there's scope for a tumblr mirror, which could eventually take over from real-tumblr (and allow the blog owners to continue blogging) in the event that real-tumblr goes all geocities.
We don't know whether Tumblr's porn content is legal. There's absolutely no way a risk department would allow hosting massive porn pictures of potentially underage volunteers (or not-so-volunteers), let alone acquire a company who does that as a job, or copy that content over for free. Porn ventures use specific advertising platforms, payment methods and insurances.
I must be wrong, since Yahoo believes Tumblr increases its worth.
I'm active on Tumblr. The trouble is it's owned by Yahoo, doesn't make a lot of money (if it's even in the black) and has resisted all attempts to monetise it. (Advertisers seem to want something like a blogging Pinterest, not extended political ranting.)
At this point there's the ArchiveTeam and that's about it, so we actually have something to point at when we're talking about what a great website that sure was back then.
Does WordPress have reblogging? A feed that will show you all the posts from people you follow?
From what I've seen (and I'll admit to not being overly familiar with either), WordPress and Tumblr are very different beasts with every different aims.
This has been one of the things I saw as the biggest hurdle (as a former Tumblr employee) - most people unfamiliar with Tumblr assume it's a blogging platform, while the dashboard with its social aspects is biggest component of Tumblr. Wordpress and Tumblr are very different beasts when it comes to what they offer in whole - though Wordpress would suit those that only use Tumblr as a blogging platform.
Maybe it will end up like the geocities. All in all, I stay away from tumblr because the pages always crash and slows to a crawl. I'm not sure if Marissa accounted for the fact that Tumblr's users are far far less likely to look at ads than even FB.
> OK, what's it going to take to keep tumblr running?
If the Verizon deal falls through, I'd say "someone with the skill and resources to keep Tumblr running buying Tumblr, either together with other parts of Yahoo! or separately."
Fixing Yahoo seems impossible. It is bleeding cash and has at its scale no really credible strategic business model as a conglomerate of ideas. Selling it may fall flat now. Would it be possible to split it up? It may be easier to find a strategic direction for parts of it and maybe wind up others?
I have to imagine if they do buy it, they'll strip it for parts. They already have AOL, which has a dated name, but not one now synonymous with horrible security. And with the redundant properties between AOL and Yahoo, I can't fathom them not wanting to consolidate those, probably into a new brand entirely.
Between AOL and Yahoo (and their own Verizon email addresses where they're an ISP), they'd have a huge portion of the world's email accounts, and I could see a push to pull an Outlook.com: Move everyone to a new service, but keep all the old legacy email addresses from older services.
Let's also not downplay the "Yahoo" brand name. It does not have much high impact negative publicity associated to it (yet). The name "Yahoo!" goes as far back as the Internet for modern day users i.e. 30+ yrs age group. If Verizon can put a nice spin to it and through micro-filtration of the brand whatever filtrate is left, as long as it is somewhat appealing it would sell, let it be a search engine or whatever new product Verizon offers free-of-cost to its subscribers over its data network. Verizon owns AOL and with that a few mobile advertising companies. As TV content is gradually getting further away form traditional set-top-box nightmarish cable providers and more towards individual content companies (Netflix, Amazon Video, HULU, HBO etc), this would be a good step for Verizon to head in that direction as well, maybe not produce original content (such as Netflix/Amazon) but perhaps air exclusive sports events. At the end of the day, it is all about maintaining your monopoly.
> It does not have much high impact negative publicity associated to it (yet).
A billion compromised accounts seems like it could fill that role. Many people may not understand their online information's privacy/security, but that's an ear-grabbing number.
Agreed. Anecdotally, my mother called me last night asking what she needed to do about Yahoo's new breach. I said, no no, dont worry we already changed your password. She said nope, NEW news!
My mother (and her news) heard this loud and clear. Thats a problem, and VZ has every right to renegotiate -- this has passed the point of "we're yahoo so we're big and an unlucky target". This is, in my mother's words, "what the hell is wrong with those people, I'm done, how do i get everything to go to gmail".
That's the thing: people who don't understand this news may now think that this is an ongoing, regular thing with Yahoo. If they react by switching, Yahoo will only be left with people's spam-collecting accounts.
On top of that, I thought I understood this news, then got a prompt from yahoo logon that I may have been compromised. So, I mean, I still don't understand the implications and I consider myself considerably more tuned in than my mother.
Verizon would be stupid not to walk away from the deal at this point.
Setting aside that $4 billion was clearly way too much, Verizon, as the parent company, would be liable for any lawsuits against Yahoo resulting from the last few leaks.
It's funny that $4b is deemed "way too much" for Yahoo when Snapchat is valued at $20b something, and Linkedin was bought for $26b. And Instagram and Whatsapp and all the other unicorns.
It seems you are just randomly comparing tech companies by bid/sale value...what about actual value? There is incredible value to LinkedIn, and the 7x multiple is entirely sensible. They have the world's largest resume database, active users, major network effects, and near zero competition.
Yahoo has nothing close to that. I'm not saying that drives a 4B$ valuation exactly, but comparing Yahoo to LinkedIn is apples to oranges.
I'm pretty sure that the latest round of negotiations would cover the part 'what if someone sues, who pays for it?". Also, Verizon got an awesome deal to buy Yahoo for $4 billion and there's no way they will walk away from it in their right mind.
Verizon right now is only bidding for Yahoo's core business, not its Alibaba and Yahoo Japan shares. From what I remember, without those two assets, its core business is valued at less than zero.
Why would you pay 4 billion for a company that's bleeding cash, open to huge liabilities for password breaches/backdoors, ever-shrinking user numbers, and no technology worth speaking of?
Imagine if I had two friends, Google and Yahoo. Both are asking me if they can borrow a dollar.
Over the last few years when Google borrows a dollar it gives back an extra 3.5 cents the next year as a thank you. On the opposite side, when Yahoo has borrowed a dollar they've lost 13 cents within the next year.
Left to their own devices, Yahoo will implode and be out of money in under 7 years, likely much sooner. The $4 billion price tag was a way of salvaging what may still be valuable properties within Yahoo, but the company on paper is rapidly losing money at any valuation.
It's like asking someone to buy a car that's broken when it's unclear if they can fix it.
in all likelihood, you'll be left with the worse half, who will be demoralized as a bonus. Now you are even less likely to fix it. The surest way would be to strip it for parts.
The costs to run it are too high and haven't or can't be reduced. Granted, the demographics Yahoo can target and Yahoo's share of internet advertising aren't the most appealing, they did buy Flurry and others which were doing fine monetizing small shares of ad revenue.
Also, at this point, under-investing in security never pays.
The prospect of being part of the yahoo acquisition team at Verizon sounds dreadful. Yahoo has so many problems, so many things to figure out... it represents a close to impossible challenge to try to turn it around (in any way).
So considering there has been at least two breaches that are known and given the size and extent of them is there no concern by Verizon that any intellectual property held by Yahoo might have been taken as well?
Uh, yes. Look at the first sentence of the article:
"Verizon Communications Inc. is exploring a price cut or possible exit from its $4.83 billion pending acquisition of Yahoo! Inc., after the company reported a second major e-mail hack affecting as many as 1 billion users"
And that's a fair, justified opinion to have. But attacking someone who holds a contrary opinion for having ulterior motives is an extremely uncharitable thing to do.
It's crazy i am seeing this on HN. I feel Yahoo is all worth for the following reasons:
1) 2 decades old brand name everyone aware of
2) Yahoo! has some good products which is used by tons of people like Flickr, Finance, search(12% market share [0]), weather, media.
They just don't have a mammoth money making one product which subsidizes the rest of the business like Google. Not to mention the tech talent and the culture that Yahoo! brings to Verizon.
If you have any solid argument about why $4 billion is a waste, i would definitely like to hear.
Market share is irrelevant if you have to run at a loss to obtain it. I can steal all of Netflix and Hulu's market share if you give me a few billion quarterly and don't require that I'm ever profitable, care to invest in me? I'll have an excellent brand as well, everyone loves free TV.
The price is pretty low now, if you are confidant in your assement why not buy?
The profitability of Yahoo isn't everything. Verizon can just buy it as a loss leader in order to convert more users to their profitable products. The value of Yahoo to them is more than numbers on a spreadsheet. It isn't as simple as just buying a revenue stream.
Maybe you'd have more friends if you could recognize that you're impugning someone's integrity by claiming they could only hold an opinion if they had ulterior motives that they aren't being forthcoming about.
how can you work in tech and not have "a connection" to yahoo?
also how is your comment not an attack? you're saying his opinion is tainted... because he knows people who work at yahoo? does that mean no one can have a fair opinion on apple, amazon, google, microsoft?
This is really just a news headline that really doesn't matter, or make any difference in the real world, who cares? the media just wants to make things seem bad so they can get some attention then on the back of that bad attention someone seeing an opportunity to save some money. Pathetic.
A giant security breach leading to a potentially failed acquisition doesn't matter in a community of people focused on technology businesses? Nice one-word emotion signalling at the end, there.
