Yahoo discloses hack of 1 billion accounts - expert comment
December 2016 by Experts
Following the news of yet another Yahoo hack, which this time has leaked around one billion user accounts, here are comments from three cybersecurity experts.
Alez Cruz-Farmer, VP at NSFOCUS: “This is another huge blow for Yahoo!, and an example of where adoption of the latest security methods has not been implemented. We all can learn from Yahoo!’s misfortune, teaching us how to preempt and react to [potential] breaches, because the tools are out there on the market to help. With Yahoo! being such a behemoth organisation, the question here is - did they invest in security and, if so, how did it go so wrong?”
Lee Munson, security researcher, Comparitech.com: “When Yahoo admitted earlier this year that it had been attacked in 2013, there were suggestions that the number of compromised accounts could place the company somewhere near the top of the pile in terms of the biggest ever data breaches.
“Now, there is no doubt, after it emerged that more than one billion accounts were compromised in the same year, possibly in an entirely separate attack.
“The worrying part of this news is the fact that the communications company does not appear to have noticed this second breach until November of this year, giving the attackers plenty of time to make merry with the stolen credentials.
“Thus, it is imperative that everyone with a Yahoo account should change their password immediately. Not only that, they should also change passwords elsewhere on the web too, if they have reused the same one across several accounts.
“New passwords should be unique to every site and account used and should be strong – lengthy, using letters, numbers and symbols, but not including words or dates of birth.
“Given the fact that Yahoo has said security questions and answers may also have fallen into unfriendly hands, its customers should, in fact, review every aspect of their personal security across the internet, especially for the most sensitive of accounts, such as online banking and credit card accounts.
“Additionally, the leaking of email addresses also makes it likely that Yahoo customers could be targeted by phishing attacks, prompting them into changing their login credentials on fake sites that are designed to look like banks, etc. – so the advice here is to never click on links found in emails, unless absolutely certain that they have come from a legitimate source.”
Javvad Malik, Security Advocate at AlienVault: “Companies will always be targeted and breaches will occur. The larger the company, the more likely it will be targeted and breached. This statement should not come as a surprise to anyone.
“However, it is vitally important to be able to detect a breach in a timely manner so as to either prevent the breach, to minimise the impact, or to forewarn users, customers, and shareholders so that steps can be taken to prevent being caught off guard.
“However, when a breach is disclosed after three years, it has almost zero value. The damage has been long done and people could have ended up victims without realising the source.
“The lack of breach detection is extremely worrying, and should serve as a reminder to all organisations of all sizes that if you hold user data, you have a responsibility to secure it.”