Hack of Half a Billion Records Takes Shine Off Yahoo's Data Trove

...

Yahoo on Thursday disclosed that a data breach in late 2014 resulted in the theft of information from at least 500 million customer accounts.

Based on a recent investigation, it appears that state-sponsored hackers carried out the attack, the company said.

Account information compromised includes names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.

Payment card and bank account information was not compromised, according to Yahoo. That information is stored on a system that was not affected by the breach.

Yahoo pointed to an increase in state-sponsored attacks on technology companies and noted that since late last year, it has informed about 10,000 users of suspicions that state-sponsored actors were targeting their accounts.

If the breach reports are true, they couldn't have come at a worse time for the company, which is preparing to sell its operating business to telecommunications giant Verizon for US$4.8 billion.

"Verizon certainly took on a calculated level of risk in acquiring Yahoo, particularly because of its massive user base," said Kevin Cunningham, president of SailPoint.

"The question of whether this breach will affect the sale price depends on how extensively [Verizon] performed due diligence on Yahoo's security controls," he told the E-Commerce Times.

"It's a perfect illustration of the fact that this due diligence should include not just network security controls, but also identity governance controls," Cunningham continued, "because as we've seen with LinkedIn, Dropbox and countless others, breaches very often result from compromised employee credentials."

With a data breach of this size, tremendous risk is created for an acquisition partner, noted Erik Knight, CEO of SimpleWan.

"There's going to be a ton of issues here that could drastically reduce the value of Yahoo," he told the E-Commerce Times.

Verizon on Thursday acknowledged that it had been notified of Yahoo's security incident, but had limited information and understanding of its impact.

The company would consider its interests -- including those of its customers, shareholders and related communities -- as the investigation proceeded, it said.

Yahoo encouraged its users to take precautions, such as changing passwords and security questions, to protect themselves from malicious activity.

The company has recently introduced new tools to help safeguard customer security.

"If you're a Yahoo user, over the last several years you will have experienced additional security measures on your accounts," noted Michael Harris, chief marketing officer at Guidance Software.

Those measures include a requirement to change passwords on a regular basis, and mobile alerts when Yahoo detects a login from a new device.

"These improvements will help mitigate the impact of this breach," Harris told the E-Commerce Times.

Yahoo also introduced the Yahoo Account Key last year, which is similar to the two-factor authentication systems used by some online services.

The problem with security offerings like 2FA is that people don't take advantage of them.

"I doubt many people have opted in for it. I don't know many people outside the security industry that enable things like 2FA," said Prevoty CTO Kunal Anand of Yahoo Account Key.

"The idea sounds great, but not many people do that," he told the E-Commerce Times.

"It's good cyberhygiene, but I should eat more vegetables, too," quipped Cameron Camp, a senior researcher at Eset.

"Whenever something is opt-in, that usually means a slower rate of adoption," he told the E-Commerce Times.

While it remains to be seen what impact this data breach will have on Yahoo, one very likely consequence is a loss of trust among its users, said Ebba Blitz, CEO of Alertsec.

Nearly one in three survey participants said it would take them several months to begin trusting a company following a data breach, the company found.

"Our research demonstrates just how difficult it will be for Yahoo's brand to recover from this breach," Blitz told the E-Commerce Times.

"Customers who are affected by data breaches suffer a significant loss of trust, and this is particularly true of men," he pointed out.

Twenty-two percent of participants said it would only take them a month to forgive, but 17 percent of men and 11 percent of women said their trust would be permanently lost. Men were more likely than women to switch to a competitor following a data breach.

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.
