Hack of Half a Billion Records Takes Shine Off Yahoo's Data Trove

...

Yahoo on Thursday disclosed that a data breach in late 2014 resulted in the theft of information from at least 500 million customer accounts.

Based on a recent investigation, it appears that state-sponsored hackers carried out the attack, the company said.

Account information compromised includes names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.

Payment card and bank account information was not compromised, according to Yahoo. That information is stored on a system that was not affected by the breach.

Yahoo pointed to an increase in state-sponsored attacks on technology companies and noted that since late last year, it has informed about 10,000 users of suspicions that state-sponsored actors were targeting their accounts.

If the breach reports are true, they couldn't have come at a worse time for the company, which is preparing to sell its operating business to telecommunications giant Verizon for US$4.8 billion.

"Verizon certainly took on a calculated level of risk in acquiring Yahoo, particularly because of its massive user base," said Kevin Cunningham, president of SailPoint.

"The question of whether this breach will affect the sale price depends on how extensively [Verizon] performed due diligence on Yahoo's security controls," he told the E-Commerce Times.

"It's a perfect illustration of the fact that this due diligence should include not just network security controls, but also identity governance controls," Cunningham continued, "because as we've seen with LinkedIn, Dropbox and countless others, breaches very often result from compromised employee credentials."

With a data breach of this size, tremendous risk is created for an acquisition partner, noted Erik Knight, CEO of SimpleWan.

"There's going to be a ton of issues here that could drastically reduce the value of Yahoo," he told the E-Commerce Times.

Verizon on Thursday acknowledged that it had been notified of Yahoo's security incident, but had limited information and understanding of its impact.

The company would consider its interests -- including those of its customers, shareholders and related communities -- as the investigation proceeded, it said.

Yahoo encouraged its users to take precautions, such as changing passwords and security questions, to protect themselves from malicious activity.

The company has recently introduced new tools to help safeguard customer security.

"If you're a Yahoo user, over the last several years you will have experienced additional security measures on your accounts," noted Michael Harris, chief marketing officer at Guidance Software.

Those measures include a requirement to change passwords on a regular basis, and mobile alerts when Yahoo detects a login from a new device.

"These improvements will help mitigate the impact of this breach," Harris told the E-Commerce Times.

Yahoo also introduced the Yahoo Account Key last year, which is similar to the two-factor authentication systems used by some online services.

The problem with security offerings like 2FA is that people don't take advantage of them.

"I doubt many people have opted in for it. I don't know many people outside the security industry that enable things like 2FA," said Prevoty CTO Kunal Anand of Yahoo Account Key.

"The idea sounds great, but not many people do that," he told the E-Commerce Times.

"It's good cyberhygiene, but I should eat more vegetables, too," quipped Cameron Camp, a senior researcher at Eset.

"Whenever something is opt-in, that usually means a slower rate of adoption," he told the E-Commerce Times.

While it remains to be seen what impact this data breach will have on Yahoo, one very likely consequence is a loss of trust among its users, said Ebba Blitz, CEO of Alertsec.

Nearly one in three survey participants said it would take them several months to begin trusting a company following a data breach, Alertsec found.

"Our research demonstrates just how difficult it will be for Yahoo's brand to recover from this breach," Blitz told the E-Commerce Times.

"Customers who are affected by data breaches suffer a significant loss of trust, and this is particularly true of men," he pointed out.

Twenty-two percent of participants said it would only take them a month to forgive, but 17 percent of men and 11 percent of women said their trust would be permanently lost. Men were more likely than women to switch to a competitor following a data breach.

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.
