Yahoo Data Breach Questions

Uploaded on 2016-09-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Yahoo recently revealed that 500 million of its customers’ accounts have been compromised following a major data breach. What happened?

So far, so unsurprising; barely a month passes these days without one of the world’s biggest companies confessing that the personal data of millions of its customers has been stolen or otherwise exposed.

What is striking about the Yahoo breach, however, is that it happened in 2014. The company’s CISO, Bob Lord, has issued advice on how users can reduce their exposure, but given that the announcement comes two years after the fact, the words ‘stable’, ‘door’, ‘horse’ and ‘bolted’ seem pertinent.

 

  Yahoo CEO Marissa Mayer

Here are the key details about the breach as explained by Yahoo CISO Bob Lord: “A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. 

The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network.” Yahoo CISO Bob Lord.

A number of cyber security experts have issued their take on the revelations. The scariest thing in this case is that as yet, neither Yahoo nor its users are sure about what information has been compromised

The Yahoo hack serves as the greatest warning yet that personal email accounts are easy targets for hackers, putting their users at considerable risk of being subjected to cybercrime. The wider public is only just becoming wise to the fact that the more we use our personal webmail accounts for sending information about ourselves, the more information exists on the open internet that can be used against us by cyber criminals. This hack highlights how cyber criminals aren’t just after big companies, but individuals.

The scariest thing in this case is that as yet, neither Yahoo nor its users are sure about what information has been compromised. We need greater awareness to the threats that consumers face and education about what solutions exist to best protect ourselves by keeping our personal data safe.

The fact that Yahoo has now confirmed the breach is no surprise, the scale, however, is. The sad reality is this is the latest in a long list of organisations that have been caught napping when it comes to protecting customers’ data. 

In fact as technology infiltrates every facet of our lives, we are only opening the door for these types of events to be both more frequent and by all likelihood more impactful.

Yahoo users should be particularly concerned that the stolen information includes security questions and answers as this could leave them open to far more than just their Yahoo email account being compromised. It raises the potential for accessing other accounts, including those with sensitive personal and financial information. Identity theft is a very valid concern for all the victims.

Keeping customers’ data secure should be a top priority for all enterprises. A determined hacker can be quite difficult to detect but organisations need to commit to hardening themselves to these types of attacks. This breach serves as a stark warning to all organizations that no company is too big or too small a target.

Yahoo users should change their passwords immediately and monitor activity closely. Also, they need to make sure they are using a new password that is complex, lengthy and, most importantly, ‘unique’. Since we know that password reuse across multiple accounts is very common, Yahoo users need to also ensure they are not using the same password as their Yahoo account on other accounts as well.

One of the most concerning aspects of this breach is the fact that the security questions and answers were unencrypted

With the complex, data rich, IT environments organisations run today, there is always a high possibility of yet another breach with customer data making its way onto the dark web. As we continue to add more technologies to our networks and as attackers become more sophisticated, it’s important that organisations have a rapid process for determining the impact of the breach and a robust approach in addressing the ensuing post-breach fallout.

If you have a Yahoo account and have reused the password anywhere, it would be wise to create new ones now to stop any further personal data from being exposed. To reduce the impact from the next inevitable breach of this type, users should protect themselves by having individual passwords per service rather than the one or two most use now.

Despite many warnings, millions of users will still use very simple passwords like ‘1111’, ‘qwerty’ or their own names. According to Positive Technologies research, the password ‘123456’ is quite popular even among corporate network administrators: it was used in 30% of corporate systems studied in 2014. Hackers use the dictionaries of these popular passwords to ‘brute-force’ user accounts, so perhaps now is the time to employ a little creativity.

Yahoo does offer additional protection in the form of ‘account key’ and it would be prudent for users who continue using its service to employ this as a matter of urgency.

That this 2014 breach is only now coming to light raises serious concerns for Yahoo customers.

IFSEC Global

 

« Encryption Gives Malware a Perfect Place to Hide
What To Do About Zero-Day Hacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Patchstack

Patchstack

Patchstack (formerly WebARX) is a web application security platform, which allows digital agencies and developers to monitor, protect and maintain their websites.

National Defence Radio Establishment (FRA) - Sweden

National Defence Radio Establishment (FRA) - Sweden

The National Defence Radio Establishment (Försvarets Radioanstalt), is the Swedish national authority for Signals Intelligence, also providing Information assurance services to government authorities.

Stealthbits Technologies

Stealthbits Technologies

Stealthbits Technologies is a cybersecurity software company focused on protecting an organization's sensitive data and the credentials attackers use to steal that data.

CyberForce Program - US Department of Energy

CyberForce Program - US Department of Energy

The Department of Energy’s (DOE) CyberForce Program is a workforce development program that seeks to inspire and develop the next generation of cyber defenders for the energy sector.

Trapmine

Trapmine

TRAPMINE is an innovative cybersecurity products company mainly focusing on protecting organizations from Advanced Persistent Threat & Zero-Day attacks.

Mitre

Mitre

At Mitre we work across government to tackle challenges to the safety, stability, and well-being of our nation. Areas of expertise include Cybersecurity.

IberLayer

IberLayer

IberLayer is the company behind the Email Guardian service, a cloud based Email Total Protection system that filters and blocks email threats.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

OXO Cybersecurity Lab

OXO Cybersecurity Lab

OXO Cybersecurity Lab is the first dedicated cybersecurity incubator in the Central & Eastern Europe region.

Snode Technologies

Snode Technologies

Snode's Guardian cybersecurity platform uses AI and machine learning to monitor, detect and proactively respond to all threats on every device within your network.

Innefu Labs

Innefu Labs

Innefu is an Information Security R&D startup, providing cutting edge Information Security & Data Analytics solutions.

Xobee Networks

Xobee Networks

Xobee Networks is a Managed Service Provider of innovative, cost-effective, and cutting-edge technology solutions in California.

Smile Identity

Smile Identity

Smile Identity helps businesses confirm the true identity of their users in real-time using any smartphone or computer.

Nullify

Nullify

Nullify is your automated security sentry that continuously finds and fixes security issues across your codebase.

CoGuard

CoGuard

CoGuard is a patented solution that uses AI driven automation to provide fast, cost effective white-box penetration testing, infrastructure audits and infrastructure design services.

RapidFort

RapidFort

RapidFort’s Software Attack Surface Optimization Platform remediates 95% of software vulnerabilities in minutes without code changes.