You may have heard the big news. It was announced in September that 500 million Yahoo accounts had been hacked, resulting in one of the most catastrophic data breaches in U.S. history.
What was compromised?
Yahoo’s statement on the hack indicated that the stolen information includes names, email addresses, telephone numbers, dates of birth, and even the answers to some security questions. Yahoo suggested the attack was perpetrated by a state actor, though this has not been verified with evidence. At least one cyber security firm suggested the hack was the work of a criminal gang rather than a nation state.
Bad implications all around
The hack took place in 2014, but Yahoo claims to have learned of the incident only recently, at a time when the company was in negotiations to be purchased by Verizon. Yahoo is now working with law enforcement to find the culprit. If the attack happened two years ago and the company is only learning of it now, this could suggest negligent security measures. If the company knew of the hack earlier and is only now informing the public, this suggests the suppression of important information. Neither possibility reflects well on the company.
This is big news for any company that handles customer data. In addition to concerns about privacy, attacks like the one leveled against Yahoo can cause financial damage to a company and consumers alike. Furthermore, these types of attacks lower consumer trust in a company, and that trust can be difficult to regain. Obviously, this can damage a company’s reputation and brand. This incident underscores the importance of having security measures in place to prevent such incidents.
The Truth about Encryption
Yahoo has touted its encryption of passwords and other private user data as a means of protecting users against hackers. In fact, the company confirmed that most of the passwords lost in the data breach were encrypted. This makes it more difficult for hackers to decipher the passwords and use them. Unfortunately, companies don’t use encryption for other user information, such as date of birth or answers to security questions. Encryption is helpful against cyber attacks, but it doesn’t mean user data is entirely safe.
If you are a business owner, one important way to limit damage from hacks is to be sure employees have access only to the data and networks they absolutely need to do their jobs, and never more than that. That way, if a hacker gets access to login information, they are limited in how they can use it to gain even more access to valuable information in your network.
Individual users of sites like Yahoo may likewise take precautions to prevent damage from hacks and data breaches. One way to do this is to choose a unique password for any site they use. One of the reasons hackers consider password information from sites like Yahoo so appealing is that they can often use the same usernames and passwords to access other accounts where the user stores information. Anyone with a Yahoo account should also alter security questions and answers on other accounts because hackers may have gained that information in the hack.
Whether you’re a business owner or an individual Internet user, the news of this breach holds valuable lessons for everyone. Take precautions now to prevent becoming the next victim.
Umesh Verma is the award-winning CEO and driving force behind Blue Lance, the global provider of cybersecurity governance solutions. For more than 25 years, Blue Lance’s automated software solutions have been protecting digitally managed corporate assets by assessing, remediating, and monitoring security of information systems.