Journalists report Yahoo e-mail accounts hacked in China

New York, March 31, 2010—News reports that the Yahoo e-mail accounts of reporters and others in China and Taiwan have been compromised are a reminder that journalists must be vigilant when communicating over the Internet, the Committee to Protect Journalists said today. CPJ called on Internet companies to reassess their business practices in countries where users’ communications cannot be adequately protected.

“Internet companies must seriously weigh the value of doing business in countries that do not provide adequate safeguards.” said Bob Dietz, CPJ Asia program coordinator. “Companies also must increase security for their users to allow them to operate in environments where their information may be at risk.”

Access was interrupted to Yahoo e-mail accounts used by journalists, academics, and human rights activists beginning on March 25, according to international news reports. The reports cited Kathleen McLaughlin, a Beijing-based freelance journalist and head of the media freedoms committee for the Foreign Correspondents Club of China (FCCC).

The FCCC’s Web site, which reports attacks on international correspondents operating nationwide in China, appears to have been suspended today. The site, which was active Tuesday, showed a “This Account Has Been Suspended” notice this afternoon. FCCC members could not be immediately reached today for any information they might have on the Web site’s status.

A screen grab of fccchina.org
A screen grab of fccchina.org

McLaughlin told CPJ and news outlets that Yahoo informed her that her personal e-mail account had been improperly accessed. She said the FCCC received reports that about 10 members’ accounts had been hacked. McLaughlin was critical of Yahoo for not providing more information about the apparent hacking. “Yahoo has information suggesting our data has been viewed by a stranger. They won’t tell us what that information is, how they found it, or who the unwelcome stranger might be. I find this irresponsible, especially given that we deal in sensitive information,” McLaughlin told CPJ. 

Yahoo said in an e-mail statement that the company was “committed to protecting user security and privacy and we take appropriate action in the event of any kind of breach.” It did not provide details. Reuters said in January that the company was aware its security was vulnerable but not publicizing the information.

The California-based Yahoo operates in China through its stake in the Chinese conglomerate Alibaba. In 2004, a Chinese court imprisoned local journalist Shi Tao based on information about his personal e-mail provided by Yahoo’s Hong Kong subsidiary. Shi is still serving the 10 year sentence he was given for disseminating “state secrets” after the email’s contents—a propaganda department directive—was retroactively classified, according to CPJ research. 

Google revealed in January that cyber-attacks believed to originate in China had compromised Gmail accounts belonging to journalists and human rights activists. The company stopped complying with Chinese government censorship requirements on their Chinese search engine, Google.cn, on March 22. 

Many foreign journalists operate in China on the assumption that their e-mail and telephone communications are vulnerable to attack, according to CPJ research. “It’s a good reminder to reporters in China about protecting private information and taking extra precautions with sensitive sources,” McLaughlin wrote.