Another day, another data breach.
That’s what it is beginning to feel like for countless Americans faced with the increasingly common warnings about data breaches in various fields – retail, health care and, the latest, an internet icon.
Yahoo has announced that the password information for at least 500 million users was stolen by hackers. Some two years ago. It is being reported as the largest known intrusion of one company’s computer network.
It’s worth adhering to the advice not enough of us follow: change passwords and make them strong. This often means some incomprehensible and lengthy amalgamation of letters, some capitalized, along with numbers and symbols. Mashing the keyboard and using what comes up might be good advice.
Companies and certainly governments, at all levels, have an even greater obligation to ensure hackers cannot get through firewalls. Increasing cybersecurity must be a focus for any entity relying on the internet.
As this editorial is being written, other breaches are almost certainly at least being attempted. What once was alarming has become commonplace. But Yahoo stands out.
Five hundred million user accounts – some of them probably forgotten by their owners – were violated. The company released a statement saying user information that may have been compromised includes names, email addresses, telephone numbers, birth dates, passwords and, in some cases, security questions.
The loss of user information is particularly troubling. Because so many people use the same user name and password for multiple accounts, hackers can use the stolen information to gain access to other accounts.
Company officials blame a “state-sponsored actor” for the data breach. By what country, Yahoo officials are not saying, but they have offered a list of cautionary guidelines including changing passwords for theirs and other online accounts while watching for suspicious activity.
Other than that, it’s business as usual. Verizon Communications is going ahead with a $4.8 billion acquisition of Yahoo, which was announced in July. Yahoo has had its troubles lately, making it ripe for acquisition. No telling what the sales price will be in the end, but the compromise of a company that has been around since the early stages of the internet is significant. As is the fact that the breach, which occurred in 2014, is only now coming to light.
Yahoo reportedly learned of the data breach this summer after hackers posted their harvest on underground forums and online marketplaces. Yahoo says the company’s team investigated and was not able to confirm that the stolen data had originated from a breach at Yahoo. But a further look at its own systems showed that there was another breach – this one believed to be by the state-sponsored actor – that dated back to 2014.
As data breaches become the norm, they force all of us to take steps to protect our information as best we can, and demand the same, if not better, from the companies, corporations and organizations that hold so much of our information.