500M Yahoo! Users Impacted by Hack; What It Says About Password Protection

By Paula Bernier September 23, 2016

Yahoo! is facing a lot of challenges lately. Add to the heap the breach – which the company confirmed today – that has affected 500 million Yahoo! accounts and is believed to have been carried out by a state-sponsored actor.

The breach, which dates back to late 2014, may have allowed unauthorized parties to access such information as Yahoo! account holder dates of birth, email addresses, names, telephone numbers, and security questions and answers (both encrypted and unencrypted), the company said. Yahoo! doesn’t think the breach included the theft of bank account information, payment card data, or unprotected passwords.

The company sent out an email and posted on its website a letter from Yahoo! CISO Bob Lord explaining the situation and what it is doing to protect its users. Yahoo! in the communications said it has invalidated unencrypted security questions and answers so they can’t be used to access an account, is working closely with law enforcement on the matter, and continues to upgrade its systems to identify and prevent unauthorized access to user accounts.

The company is also suggesting affected users change their passwords and adopt an alternate means of account verification, review their accounts for suspicious activity, avoid clicking on links or downloading attachments from suspicious emails, use caution in responding to unsolicited emails, and consider using the authentication tool Yahoo Account Key. Users with Yahoo Account Key don’t need passwords to sign into their accounts.

“Since we don’t have the specifics yet, it will be hard to say how everything happened,” notes Brad Bussie, CISSP, director of product management at STEALTHbits Technologies. “What we do know is that accounts that have been breached have value. The reason they have value is that people use the same password for multiple sites. The industry has been warning users for years that they need different complex passwords for each account they use online. The problem is that many consumers have dozens of accounts and remembering that many passwords is hard.” 




Edited by Alicia Young

Executive Editor, TMC

SHARE THIS ARTICLE
Related Articles

Four Reasons to Reach for the Cloud after World Earth Day

By: Special Guest    4/23/2018

The World Earth Day agenda offers a chance to flip the rationale for cloud adoption and highlight environmental benefits that the technology brings pr…

Read More

Bloomberg BETA: Models Are Key to Machine Intelligence

By: Paula Bernier    4/19/2018

James Cham, partner at seed fund Bloomberg BETA, was at Cisco Collaboration Summit today talking about the importance of models to the future of machi…

Read More

Get Smart About Influencer Attribution in a Blockchain World

By: Maurice Nagle    4/16/2018

The retail value chain is in for a blockchain-enabled overhaul, with smarter relationships, delivering enhanced transparency across an environment of …

Read More

Facebook Flip-Flopping on GDPR

By: Maurice Nagle    4/12/2018

With GDPR on the horizon, Zuckerberg in Congress testifying and Facebook users questioning loyalty, change is coming. What that change will look like,…

Read More

The Next Phase of Flash Storage and the Mid-Sized Business

By: Joanna Fanuko    4/11/2018

Organizations amass profuse amounts of data these days, ranging from website traffic metrics to online customer surveys. Collectively, AI, IoT and eve…

Read More