Your Online Security After The Yahoo Hack

The data breach at Yahoo has left half a billion people around the world in panic about the safety of their online data. But can consumers, especially in Germany and Europe, do anything protect themselves from attacks?

Half a billion Yahoo users received a message this week saying that they may have had their personal information stolen, including user names, email addresses, phone numbers, and dates of birth. While the hack may not have affected more sensitive data such as unprotected passwords, credit card data or bank account information, the leaked data could still allow outsiders to access user accounts.

The data hack at Yahoo, reportedly dating back to 2014, is regarded as one of the biggest of its kind to date. Yahoo said that it assumes it to be "state-sponsored," but why details have only now emerged remains unclear.

"An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries," Yahoo said in response to the data breach.

The data breach could also have an impact on the impending sale of Yahoo's core business to US telecom Verizon to the tune of nearly $5 billion (4.3 billion euros), which has been in the making for months.

While the company added that its ongoing investigation had found "no evidence that the state-sponsored actor is currently in Yahoo's network," unassuming consumers still feel alarmed and worried about their online data. But can people take precautionary measures to minimize the likelihood of such hacks affecting their lives?

Consumers not at fault

Dirk Hensel from Germany's Federal Commissioner for Data Protection (BfDI) and Freedom of Information underlined that in the case of Yahoo, this was a hack and not any sort of shortcoming on the part of consumers. 

"This is a data security issue and not directly a question of data protection. This was a malicious hacker attack, which could generally be prevented by establishing the right security measures, and not by consumers taking any action in their own right on their online accounts," Hensel told DW.

Although data protection and data security are related to each other, the terms refer to distinct consumer protection issues. Data security deals with safeguarding information shared online, while data protection limits the ways in which companies can use your information and are allowed to retain

Yahoo tried its best to control the damage caused, announcing that massive data hacks were becoming increasingly commonplace, while millions of people around the world raced to change their account passwords. However, this course of action may likely be useless. Germany's Federal Office for Information Security (BSI) agrees that the Yahoo hack could not have been prevented by consumers shifting their behavior.

BSI press representative Tim Griese did, however, stressed the moral responsibility of giant tech firms, pointing out that "millions of consumers had entrusted their data" to the US-based company.

"Consumers have next to no power or protection after they entrust a company with their data if it gets stolen. We summon companies to handle the data that is put in their trust with care, and to make sure their systems are protected," Griese told DW.

Rules and regulations in an age of globalised data

Dirk Hensel added that Germany had no jurisdiction over providers based overseas anyway, drawing the boundary of where consumer protection rights in Germany begin and end.

"Yahoo is a major provider, and therefore will likely ensure that proper security measures are in place simply out of its own self-interest. But, since it is a US-based company, we have no way of knowing what exact security measures they have taken, and whether these are sufficient in our view," Hensel explained, stressing that it was down to the consumer to decide whether they wanted to use US-based services.

"We are certainly working on establishing more transparency with providers based outside of Germany and the EU. There will hopefully be improved frameworks for this in place in the next two years," he added.

The consumer decides

Hensel emphasized that the best thing consumers can do is to always be informed about the products and services they subscribe to online, as more and more providers move to app-based platforms, which often demand even greater control over consumer data.

"With German providers, we get to assess what safety mechanisms they have and whether they are up to scratch. But companies like Yahoo or Google don't fall under German regulation, and so we can't assess them along those same lines," he said.

BSI's Tim Griese added that people should give more thought to whom they may choose to entrust their personal information.

"With regard to passwords, we advise people not to use the same password for different services and also to be more economical with giving out data. Think carefully who you want to share your data with and what data you are willing to share."

Regulations and jurisdictions aside, the question of what rights and protection consumers should be able to rely on remains open, as the world at large is still settling into the digital age.

DW

« New University Graduate Course: Cyber Anti-Terrorism
AI Will Transform Microsoft »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

RCMP Cybercrime Strategy

RCMP Cybercrime Strategy

The RCMP Cybercrime Strategy sets out in an Operational Framework and Action Plan to combat cybercrime.

Device Authority

Device Authority

Device Authority specialises in security automation for the Internet of Things (IoT).

4iQ

4iQ

4iQ fuses surface, social, deep and dark web sources to research and assess risks to people, infrastructure, intellectual property and reputation.

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC)

Dubai Electronic Security Center (DESC) was founded to develop and implement information security practices in Dubai.

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI) is recognized as Thailand’s leader in cyber investigations and digital forensics.

Very Good Security (VGS)

Very Good Security (VGS)

VGS is the modern approach to data security. Our SaaS solution gives you all the benefits of interacting with sensitive and regulated data without the liability of securing it.

BullGuard

BullGuard

BullGuard is an award-winning cybersecurity company focused on providing the consumer and small business markets with the confidence to use the internet in absolute safety.

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

Blaick Technologies

Blaick Technologies

Blaick is an Israeli cyber-security company which deploys proprietary Artificial Intelligence threats detection technology for early prevention of online cyber crime.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BlastWave

BlastWave

BlastWave’s BlastShield integrates three innovative products into a single solution to help prevent inadvertent and intentional attacks.

Topsec Cloud Solutions

Topsec Cloud Solutions

The Topsec Managed Email Security Platform eliminates Spam, Viruses, Malware, and Phishing.

Enterprise Strategy Group

Enterprise Strategy Group

Enterprise Strategy Group, a division of TechTarget, is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.

SixMap

SixMap

SixMap is a continuous threat exposure management platform that automatically provides comprehensive enterprise visibility, contextual threat intelligence, and a suite of remediation actions.

Gathid

Gathid

Gathid is a unique and versatile identity governance platform providing organizations with the ability to model, explore, audit, and track complex access-related scenarios.