
Bret Lowry, CEO of WinPatrol, comments on the Yahoo Hack

December 2016 by Bret Lowry, CEO of WinPatrol

Yahoo has now proven more than once that their security is lacking with an announcement earlier this year that 500 million accounts got hacked in 2014 and now this announcement that one billion accounts were hacked as long ago as 2013.

Especially disturbing is the time it has taken Yahoo to realize and announce the attacks. Three years is forever in terms of computers and the Internet. Yet that is how long it has taken Yahoo to make this information public, thus putting at risk every single account all of their users have on any site on the Internet, their users' personal computers, and every business where people access their Yahoo accounts.

The use of “Security Questions” seemed like a good idea when it was originally invented, but has proven to be quite naïve in nature and, even worse, in cases like this downright dangerous. When hacks occur, hackers can obtain the answers to the “typical” security questions reused by many sites, thus turning these security questions into weapons that can be used against those who trustingly answered them, thinking the answers would be kept safe.

We recommend anyone who has a Yahoo account remove it now.
We also recommend businesses block their servers so that employees don’t check emails, thus putting their employers at risk for phishing attacks.
What to do if you have a Yahoo account:

1. Before you delete the account, delete all emails and folders, enter invalid information for any security questions, and then delete the account. We recommend the above because when “removing” Yahoo accounts in the past we’ve found they truly do not deactivate them; this may be why they have 1 billion accounts.

2. If you have used the same password as used on Yahoo on any other site, change it immediately.

3. If security questions on other sites match those on Yahoo, change the answers.

4. Never reuse the answer to a security question. If/when the next hack occurs you don’t want your answers to be used against you.

5. If you associated your mobile phone number with your Yahoo account, beware. You may become a target of Smishes (mobile phishing attacks).

6. Ensure your security software is truly capable of blocking phishing and ransomware attacks.

The investigation into the attack is still ongoing. The latest news states that the attack was not a typical phishing attack, but rather the result of proprietary Yahoo code becoming compromised, allowing hackers access to internal systems. If this was indeed an “inside job”, then the hackers probably had the ability to decrypt all “secure” data, which means none of your information on file at Yahoo is safe.
Be vigilant and practice safe computing by avoiding password reuse, never reusing the same answer to “Security Questions”, and using software that specializes in blocking phishing and ransomware attacks.

