Germany’s cyber-security authority, the Federal Office for Information Security (BSI), criticised Yahoo on Thursday for failing to adopt adequate encryption techniques to protect its users’ personal data.
The BSI also advised German consumers to consider switching to alternatives for email after Yahoo disclosed a second data breach that raised fears Verizon might kill a deal to buy its core internet business.
BSI President Arne Schoenbohm said the protection of customers’ data should be the top priority for all internet service providers.
“Considering the repeated cases of data theft, users should look more closely at which services they want to use in the future and security should play a part in that decision,” he added in a statement.
“There is an array of German email providers for whom security is not a foreign concept.”
Noting that Yahoo was using the MD5 hash function to encrypt passwords, the BSI said this was no longer considered “state of the art and is to be regarded as unsafe”.