
12/20/2016

Yahoo Account Data Breach

Following a data breach of 500 million user accounts in September, Yahoo has just announced that it has suffered another breach, this one of an estimated one billion accounts. Yahoo disclosed in November that law enforcement had provided the company with data files purported to be Yahoo user data. Outside forensic experts, working with Yahoo, have determined that the files do contain Yahoo user data, which was obtained by an unauthorized third party in August of 2013. The party responsible for the intrusion has not yet been identified. This incident has been determined to be separate from the incident in September 2016.

Yahoo believes that the information that was stolen consists of full names, email addresses, dates of birth, phone numbers, hashed passwords, and possibly security questions and answers as well. Luckily, Yahoo does not store credit card or any other payment information in the system that was affected.

Currently, Yahoo is identifying and notifying potentially affected users and instructing them to change their passwords immediately. Additionally, Yahoo is removing all unencrypted security questions and answers from affected users' accounts so that hackers cannot use those answers to break in.

As 2016 comes to a close, it appears to be the “Year of the Breach,” with reports of eight major breaches involving well-known companies. Obtaining large amounts of data is key for these hackers, so the companies most vulnerable are those that hold a large amount of personal data on their customers, including Social Security numbers, birthdates, home addresses and even medical records.

Digital Edge’s Security Operation Center (SOC) protects your organization’s intellectual property and sensitive data. Digital security threats are real and it is better to be able to detect and respond to them as quickly as possible. It is difficult for organizations without a comprehensive incident-handling capability to create a proactive SOC team. These capabilities have to include tools and processes that enable centralized security threat visibility, instant alerting, and efficient troubleshooting. Digital Edge’s SOC is ready to deliver those capabilities and provide security coverage for your organization today. 

Digital Edge’s 24/7 SOC operates in alignment with all industry requirements and regulatory compliance obligations. We are audited by governing agencies and our clients on a regular basis. We regularly provide reports, controls and policies to both internal and external auditors. We are ready to integrate with any industry requirements that exist on the market today. Our clients find it extremely beneficial to have a partner who becomes a part of their own compliance process. Contact us today to see how valuable Digital Edge’s free “Proof of Concept” Program can be for your business’ security!

With 2017 on the horizon, Digital Edge believes that everyone should start the New Year by creating new, safe and secure passwords for all accounts. Here are some tips for creating one:

  • Use a random combination of at least ten symbols, letters, and numbers.
  • Don’t use the same password for multiple websites.
  • Don’t use words in your passwords; cybercriminals have programs that can crack those passwords in a heartbeat.
  • Don’t use any personal information in your password, not even your birthdate.
  • Do not open emails from unknown sources, and delete anything that appears questionable.
  • Do not rely on security questions to protect your account/password. Most security questions are common across applications, and the answers are often found on public social media sites.

We understand that it can be hard to keep track of dozens of complicated passwords for multiple websites; however, cybercriminals count on password reuse in order to gain access to other accounts. 

Another great way to protect your account is to use two-step verification, if the service offers it. Two-step verification is a method of verifying your identity in addition to your username and password. Two-factor authentication asks you to provide one of the following things:

  • Something you know – a PIN, password or pattern.
  • Something you have – an ATM or credit card, mobile phone or security token such as a key fob or USB token.
  • Something you are – biometric authentication such as a voiceprint or fingerprint.

 
