Now in 2016, the Yahoo breach that have occurred 2 years ago, in late 2014 has been confirmed by Yahoo on Thursday: at least 500 million user accounts have been stolen.
There have been a rise of a conflicting information about the nature of this breach. Yahoo declares it was a job of a “state-sponsored actor”, an entity acting on behalf of some government. InfoArmor Inc., an information security firm, claims Yahoo database was breached by hacker group “Group E” with a substantial criminal track record – these were the same individuals who have reportedly breached the LinkedIn for 200,000,000 records few years before the Yahoo breach.
The group have sold the Yahoo data at least three times, including once to some state-sponsored actor. The following credentials of Yahoo users have been confirmed to be compromised:
- Yahoo Login (ID)
- Recovery Email (Linked with the profile)
- Date of Birth
- Hash of Password (MD5)
- Country Code
- Cellphone (if provided by the user for password recovery)
- ZIP code (if provided by the user for password recovery)
What people need to realize and remember, that hackers are NOT just some lonely teens who break into databases for the hacker forum glory: it is a well-oiled, profitable, serious business. Just take a look at the overview of InfoArmor investigation of Yahoo breach to get a general idea of how massive the scale of this cybersecurity issue is.
How could this massive breach happen to a giant such as Yahoo?
The former member of Yahoo security team believes that “security was pushed to the back end,” because higher-up administration under CEO Marissa Mayer “just had other priorities” and were resistant about better funding and efforts to improve security, even after the breach of 2012, where hacker posted 450,000,000 records of stolen Yahoo login credentials online.
So far Yahoo is facing two lawsuits (both filed from California). for gross negligence from individuals who have had their accounts hacked and had their sensitive data at risk and their private data exposed.
Lessons learned: what can you do to protect your private data?
There is always a common sense that dominates every list of IT security tips – for business and consumers alike. Practice good cybersecurity protocols to minimize your risk.
- Stop using public cloud email service for business: you are setting yourself up with the under-secured servers (related: Don’t Let “Hillary” Take Down Your Business – Beware of the Unsecured Server)
- Do not the same login name and password for multiple, different accounts. Criminals use password “recycling” when trying to breach other databases with same credentials they have got their hands on. By using the same login credentials, you amplify your chances of compromising private data.
- Do not use debit cards or bank account transfers. When use credit cards rather federal law limits your maximum liability to $50.
- Change your passwords periodically. If your passwords are always the same, you can get re-hacked at the same, or different account.
- Limit information you give out to the online accounts. The less info is out there, the better off you are if breach occurs.
- Try multi-factor authentication – meaning the use two of the three methods of verifying your identity .(i.e. login credentials, phone confirmation, fingerprint, etc.) That one is easier said than done, since not every outlet offers it yet.
- Always deploy and use a legitimate, professional antivirus program. It may help you not get into infected sites that
- Utilize Layered security techniques and follow principles of cybersecurity.
Benefits of Computer Network Security Services
Cybersecurity is important to every business, and every business, not just a computer service company must protect their client data. Our engineers are professional experts in computer network security for business. Network Security services from powersolution.com make sure your network is secure, and your business data is protected, reducing the total costs of your IT issues and the resulting downtime. We can help you define your specific network security needs, identify and address your vulnerabilities, provide with efficient security solution. We do not cut corners. We do not underestimate the measures needed to keep the malicious users – both external and internal – out of your business computer network. We help you keep your data secure, and your business network well-maintained.
Our local security experts provide IT consulting, technical support – both remote and on-site visits, offering Network Security and managed IT services plans. Call us today at 201-494-1414 to start a conversation about your business IT needs.