Yahoo hacked again — what can you do?

Dayton attorney Andrew L. Rossow specializes in cyber-law.

Since the September disclosure of Yahoo’s 2014 hack of 500 million user accounts, the company is back in the cyber-spotlight. It was revealed earlier this month that another, newly discovered hack took place three years ago — this time, of more than 1 billion user accounts.

Yes, that is B for billion. The company’s security team claims this was done by the theft of its proprietary source code, which allowed the hacker(s) to create forged cookies, which in turn allowed the hacker(s) to impersonate valid users by granting access to user accounts without entering their password. The damage done was the theft of names, phone numbers, dates of birth, passwords and the answers to user security questions.

Together, both the 2013 and 2014 hacks are the largest known security breach of one company’s computer network.

This should come as no surprise, as many companies this past year have been victimized by cyber-attacks. Our society is in a digital age where people live in a world surrounded by black mirrors and the light from some sort of electronic monitor or screen. What’s disturbing — shocking, actually — is that Yahoo had absolutely no indication that any of these attacks were done, but for the data analysis provided by law enforcement.

Adding to that, Yahoo even refused to take appropriate measures after September's revelation of the 2014 hack. The simplest suggested measure was to force users to change their login credentials. Only now has Yahoo begun forcing users to change their passwords.

Yahoo has a responsibility to its users, but more importantly, to its continued existence as a leading e-mail service provider. Over the past few years, Yahoo’s customer base has declined, as folks have gravitated to Google’s Gmail. This has also affected business relationships, such as the pending Verizon $4.8 billion acquisition. Yahoo just hasn’t taken even the most basic steps to ensure its proprietary data and confidential user data are consistently protected. Every day there are new threats that are coded and created for the purpose of user and corporate sabotage; Yahoo has a responsibility to make sure its security team is aware of them and is analyzing its data for threats.

Companies need to be ready when, not if, they are subject to a data breach. However, many companies still act as if such breaches are the exception. It will happen and when it does, security teams need to be ready to put security response plans in motion right away.

In the meantime, for those Yahoo users affected, my suggestion is to change to a more secure e-mail provider. Yahoo has shown it isn’t ready to deal with attacks.

Other steps I’d take:

• Change passwords using a random password generator; free ones are available online.

• Change your security questions and answers.

• Monitor the sites you are visiting.

• Most importantly, check emails before you open them. Don’t be the victim of social engineering.
