All Yahoo Accounts had been Hacked, Not Just 1 Billion
The Yahoo breach is not as small (just 1 billion!) as reported earlier, all, repeat – ALL Yahoo accounts had been hacked. Yahoo had periodically been upping the number of accounts that had been compromised. However, the recent acquisition of Yahoo by Verizon and a forensic investigation by cybersecurity experts have revealed that three billion accounts had been hacked. As it is, the Yahoo breach of 2013 was considered unprecedented, and now further revelations report that all accounts had been compromised.
Email addresses and passwords had been breached, however, financial information is reported to have not been stolen – yet. Will that be discovered and reported later? We’ll have to wait and see.
Breaches Reported Late
The correct figures don’t seem to be forthcoming in nearly any breach. Discovery of hacking/breaches are being withheld, reported late, or impacted users are alerted very late or not alerted at all. Breached organizations seem to want to just want to sweep breaches under the carpet. Many of the breaches are being reported with impunity. And they seem to be following a process to get away with it. Even organizations that offer cyber security consultancy services get breached. In many cases, the hacking occurs due to lax cybersecurity policies or lax adherence to cyber security policies. A rigorous penalty would ensure that these organizations pay more attention to security and policies.
The acquisition of Yahoo does seem to offer one benefit – this disclosure of complete hacking of all accounts – which includes accounts of Yahoo’s other products such as Flickr, Fantasy, and Tumblr.
Breach of 2014
Yahoo also suffered a data breach in 2014, when 500 million accounts were compromised. An investigation traced the hack to Russian cyber spies and cyber criminals. This was a targeted hacking attack against specific diplomats and reporters in Russia and other countries. Emails had been accessed, and the hackers searched for any useful credentials and financial information. The discovered information allowed them to access Gmail and other non-yahoo accounts and also redirect user traffic to specific websites of questionable repute.
“Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats,” said Chandra McMahon, Chief Information Security Officer, Verizon. “Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
Yahoo is now sending email notifications to the additional affected Yahoo user accounts, which would mean the other 2 billion users. Yahoo, is now part of Oath, a subsidiary of Verizon. Oath is a global leader in digital and mobile.
User Precautionary Measures
To protect themselves from hacking, users must follow basic password protection policies of using complex passwords/passphrases, using two-factor authentication, not using the same password for multiple accounts, not falling for spam/phishing emails, and not revealing account credentials or passwords.