In this series of blogs we examine all topics under the information security umbrella. From corporate blunders to rogue state attacks to the occasional celebrity hack, we believe there is something for businesses and individuals to learn from any cyber security event. We also believe that, while experience is the best teacher, it’s even better to let other people make the mistakes for you.
Yahoo Breaks All The Wrong Records
In the unlikely event you missed it, Yahoo recently copped to a bit of a blip on their operations SNAFU radar from two years ago. By that I mean they admitted that they are only now getting around to telling users, investors, and their new owners over at Verizon about how they might have let at least 500 million user accounts be compromised. Yes, no fewer than half a billion accounts and there are reports surfacing that the actual number could be much larger. And yes, this happened two years ago. We’ll let you dust your jaw off from it hitting the floor a moment ago to begin sorting through all of the ramifications of this news, but believe me, there are many.
Leaked Account Info? You Know What to Do
At this stage, understanding what to do when you have leaked account info out there should be, unfortunately, commonplace. If not, here’s a refresher that includes some of the smart password protection advice we’ve shared in the past.
For starters, you could just follow Yahoo’s own damage control advice, but you could just save time and log into your Yahoo account to update the password. If you’re not using a password generator, at least remember to never use a password on multiple sites, keep it a combination of letters, special characters, and numbers, and don’t use easily available info about you, including pets, past schools, birthdates, etc. Then, here’s the tough part: do it for every single online account you have. The nature of this hack is unique in that, unlike Home Depot, Target, or other big corporate targets of cyber crime, Yahoo’s leaked account info has every single piece of your account in it. That means instead of randomly trying credit card numbers against names en masse, the perpetrators here can surgically target each individual by name, backup email account, zip code, and a host of other identifying pieces of information. So yeah, get comfy and order takeout (over the phone), because you’re going to be at your computer for a while.
This Happened in 2014, Why Wait to Tell Us?
Deciphering this one requires a little more patience and imagination, as it’s not yet entirely clear what the holdup was. It is true that many highly publicized security breaches need to be confirmed internally before any public announcements are made and, frankly, this is a good thing because we wouldn’t want to have to change all of our passwords at every little scare or false alarm. The reason this may take weeks, months, or even years to complete is simply that if the target company knew about the method their attackers took to compromise their security, it would probably be one they were already monitoring. Unlike stealing the Hope Diamond, taking data off of a server can be done in a way that the theft is never noticed, or certainly not as immediately noticed as a 45-carat deficiency in the National Museum of Natural History’s all-star line-up would be. These factors aside, there is also the issue of Yahoo’s carousel of mediocrity that has just recently seemed to stop spinning with the news of Verizon’s plan to purchase the internet company. This is where things can begin to get really sticky.
This is where the aforementioned imagination can be helpful or hurtful, depending on your perspective. Like we’ve mentioned, data breaches can take a while to notice and Verizon themselves have admitted that it could take up to 18 months for this type of breach in particular to be caught. However, even the slightest indication that Yahoo was aware of the compromise in security back in 2014 would, at best, call for an investigation into the specifics and, at worst, could even result in hefty sanctions for those responsible.
Next Steps For Cyber Security
I’m not going to lie, things seem to be accelerating a bit in the cyber security breach department. With accusations of foreign actors and state-sponsored cyber crime on the rise, it’s not too out of the bounds of reality to expect that more of these large, high-profile hacks may be on our horizon. What is absolutely certain, though, is that regardless of the success or the source of the hacks, cyber criminals and corporations will continue to battle it out. The best bet for you is to follow the basic principles of protecting your own information, acting fast if you find out you have leaked account info, and staying plugged into our Twitter or Facebook feed for more updates to best practices, latest hacks, and important security updates.
And of course, as always, you need to remember that it’s a jungle out there, so protect ya neck!