Ever had an account hacked through no fault of your own, rather, the fault of the company’s? Yahoo are now offering rewards to users who are victims of this.
Cyber crime is on the rise and it can be difficult to stop. If you write down a password on a piece of paper and that piece of paper gets lost, anyone who has been in proximity to it could know your details, worse still, sometimes, in the digital world of cyberspace, our details can be plucked from company servers and our passwords could be taken without us even knowing. There’s little compensation for this kind of thing too, we might get a ‘you are recommended to change your password’ email from the site in question that we signed up to, or a note that says ‘sorry, we won’t let our servers get hacked again’, but rarely do we ever get a tangible gift to say sorry. Yahoo are looking to change that however, as the tech company want to give out real rewards to those affected by security exploits.
This news comes after a bit of a hype spiral that started at some point last week. Ramses Martinez, Director of Yahoo! Paranoids (the company’s security team) began to send out t-shirts as a reward to those who reported bugs to the company, allowing them to patch them up and do their best to protect their 800 million monthly users from cyber security harm. However, as Martinez states in a blog post on the Yahoo! Tumblr, some people already had t-shirts from him, whilst others were outraged that such a small gift was being offered for the information. As a result, the security team that he heads up will now start offering better “schwag”, as he calls it, to those who identify “what [Yahoo!] classify as new, unique and/or high risk issues”.
How it works is that individuals (or firms) who report bugs to Yahoo!, via their 24-hour a day monitored service, stand to gain between $150 and $15,000 depending on various factors, with Martinez saying that the “amount will be determined by a clear system based on a set of defined elements that capture the severity of the issue”. While the reason for doing this is officially ‘to reward those who didn’t like the t-shirt and/or want more of a reward’, we suspect that the real reason is that not only does this ward off hackers and black hat groups from cyber assaulting the company, it also brings Yahoo! up to part with other company’s security reporting reward policies. Whether this helps Yahoo! become a more secure organisation is yet to be seen, with the new policy going live on October 31st, 2013 and rewards being offered to those who submitted security reports after July 1st of this year.
We’ll keep you posted once we know more.
Source: Yahoo! Developers Tumblr