Yahoo has reportedly searched through all of its users’ incoming emails with a secret software program that’s designed to ferret out information for U.S. government agencies.
The software program, which was created last year, has scanned hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, according to a Tuesday report from Reuters.
Yahoo reportedly created the program to comply with a U.S. classified government directive. It’s unclear if the mass email searching program is still in use.
“Yahoo is a law-abiding company and complies with the laws of the United States,” the company said in a statement.
The mass email searches might go above and beyond other U.S. government requests for information. Internet and telecommunication companies have handed over customer data before, most notably under the NSA’s PRISM surveillance program, which was publicized by leaker Edward Snowden.
However, the Yahoo initiative was especially broad and reportedly required the creation of a custom software program that could search through all the incoming emails in real-time.
It’s unclear what U.S. government agencies were exactly searching for and if Yahoo handed any information over. But the company was querying for a “set of characters,” possibly a phrase in an email or attachment, according to Reuters. Both the NSA and the FBI didn’t immediately respond to a request for comment.
Reportedly, a former Yahoo chief information security officer, Alex Stamos, resigned when he found out about the program had been authorized. The mass email searching was so secretive that not even Yahoo’s own security team was aware of it, according to the news report.
The security team didn’t discover the program until May 2015, initially assuming hackers had broken in.
Stamos didn’t immediately respond for comment. But he reportedly told his security team that a flaw in the secret program could have allowed hackers to access users’ emails.
News of the Yahoo mass email searching comes after the company reported a massive data breach affecting 500 million user accounts. The company has blamed the breach, which originally occurred in 2014, on a “state-sponsored actor,” although some security experts suspect cyber criminals may have been the actual culprits.
The eighth paragraph in this story was corrected to say the Yahoo security team was not aware of the scanning program.