SAN FRANCISCO/BOSTON/WASHINGTON: IN the summer of 2013, Yahoo Inc. launched a project to better secure the passwords of its customers, abandoning the use of a discredited technology for encrypting data known as MD5.
It was too late. In August of that year, hackers got hold of more than a billion Yahoo accounts, stealing the poorly encrypted passwords and other information in the biggest data breach on record. Yahoo only recently uncovered the hack and disclosed it last week.
The timing of the attack might seem like bad luck, but the weakness of MD5 had been known by hackers and security experts for more than a decade. MD5 can be cracked more easily than other so-called “hashing” algorithms, which are mathematical functions that convert data into seemingly random character strings.
In 2008, five years before Yahoo took action, Carnegie Mellon University’s Software Engineering Institute issued a public warning to security professionals through a US government-funded vulnerability alert system: MD5 “should be considered cryptographically broken and unsuitable for further use.”
Yahoo’s failure to move away from MD5 in a timely fashion was an example of problems in Yahoo’s security operations as it grappled with business challenges, according to five former employees and some outside security experts.
“MD5 was considered dead long before 2013,” said David Kennedy, chief executive of cyber firm TrustedSec LLC. “Most companies were using more secure hashing algorithms by then.” He did not name specific firms.
Yahoo, which has confirmed it was still using MD5 at the time of the attack, disputed the notion that the company had skimped on security.
“Over the course of our more than 20-year history, Yahoo has focused on and invested in security programs and talent to protect our users,” Yahoo said in a statement to Reuters. “We have invested more than $250 million in security initiatives across the company since 2012.”
The former Yahoo security staffers, however, told Reuters the security team was at times turned down when it requested new tools and features such as strengthened cryptography protections, on the grounds that the requests would cost too much money, were too complicated, or were simply too low a priority.
Partly, that reflected the Internet pioneer’s long-running financial struggles. Reuters could not determine how many companies besides Yahoo were using MD5 in 2013. Google, Facebook and Microsoft Corp. did not immediately respond to requests for comment.
According to a former security veteran at Yahoo, even when the company was growing quickly, security sometimes took a back seat as the company focused on system performance to keep up with the growth. Then, when growth stalled, senior security staff left for other companies and the chances of getting approval for expensive upgrades dropped further, the person said. Yahoo declined to comment on details of its security practices, but said it routinely conducted drills to test and improve its cyber defenses.
Last September, Yahoo disclosed a 2014 cybertattack that affected at least 500 million customer accounts, the biggest known data breach at the time. Former Yahoo employees said the company’s security problems began before the arrival of Chief Executive Marissa Mayer in 2012 and continued under her tenure. Yahoo had suffered attacks by Russian hackers for years, two of the former staffers said.
Yahoo told Reuters it was committed to keeping users secure by staying ahead of new threats. “Today’s security landscape is complex and ever-evolving, but, at Yahoo, we have a deep understanding of the threats facing our users and continuously strive to stay ahead of these threats to keep our users and our platforms secure.”
Yahoo security problems a story of too little, too late
Yahoo security problems a story of too little, too late
WEF report spotlights real-world AI adoption across industries
DUBAI: A new report by the World Economic Forum, released Monday, highlights companies across more than 30 countries and 20 industries that are using artificial intelligence to deliver real-world impact.
Developed in partnership with Accenture, “Proof over Promise: Insights on Real-World AI Adoption from 2025 MINDS Organizations” draws on insights from two cohorts of MINDS (Meaningful, Intelligent, Novel, Deployable Solutions), a WEF initiative focused on AI solutions that have moved beyond pilot phases to deliver measurable performance gains.
As part of its AI Global Alliance, the WEF launched the MINDS program in 2025, announcing its first cohort that year and a second cohort this week. Cohorts are selected through an evaluation process led by the WEF’s Impact Council — an independent group of experts — with applications open to public- and private-sector organizations across industries.
The report found a widening gap between organizations that have successfully scaled AI and those still struggling, while underscoring how this divide can be bridged through real-world case studies.
Based on these case studies and interviews with selected MINDS organizations, the report identified five key insights distinguishing successful AI adopters from others.
It found that leading organizations are moving away from isolated, tactical uses of AI and instead embedding it as a strategic, enterprise-wide capability.
The second insight centers on people, with AI increasingly designed to complement human expertise through closer collaboration, rather than replace it.
The other insights focus on the systems needed to scale AI effectively, including strengthening data foundations and strategic data sources, as well as moving away from fragmented technologies toward unified AI platforms.
Lastly, the report underscores the need for responsible AI, with organizations strengthening governance, safeguards and human oversight as automated decision-making becomes more widespread.
Stephan Mergenthaler, managing director and chief technology officer at the WEF, said: “AI offers extraordinary potential, yet many organizations remain unsure about how to realize it.
“The selected use cases show what is possible when ambition is translated into operational transformation and our new report provides a practical guide to help others follow the path these leaders have set.”
Among the examples cited in the report is a pilot led by the Saudi Ministry of Health in partnership with AmplifAI, which used AI-enabled thermal imaging to support early detection of diabetic foot conditions.
The initiative reduced clinician time by up to 90 percent, cut treatment costs by as much as 80 percent, and delivered a 10 time increase in screening capacity. Following clinical trials, the solution has been approved by regulatory authorities in Saudi Arabia, the UAE and Bahrain.
The report also points to work by Fujitsu, which deployed AI across its supply chain to improve inventory management. The rollout helped cut inventory-related costs by $15 million, reduce excess stock by $20 million and halve operational headcount.
In India, Tech Mahindra scaled multilingual large language models capable of handling 3.8 million monthly queries with 92 percent accuracy, enabling more inclusive access to digital services across markets in the Global South.
“Trusted, advanced AI can transform businesses, but it requires organizing data and processes to achieve the best of technology and — this is key — it also requires human ingenuity to maximize returns on AI investments,” said Manish Sharma, chief strategy and services officer at Accenture.
