Here we go again. Another data breach at a major American corporation. And worse, it’s the second one at Yahoo.
Just like the last one, customers are learning about a giant breach of personal data long after the fact. And if they thought September’s disclosure was huge – 500 million user accounts – try 1 billion this time.
These are stunning failures on the part of any company, and especially so for a tech giant. The hacks occurred in 2013 and 2014 and are only now coming to light. They show a company unwilling to take the necessary steps to protect its biggest asset – information.
According to a New York Times story published in The Buffalo News, Yahoo’s security team “clashed with top executives,” including President and CEO Marissa Mayer, over the “cost and customer inconvenience of proposed security measures.”
The lapses are not only shameful, they will be expensive. In July, Yahoo agreed to sell its core business to Verizon Communications for $4.8 billion. It should come as no surprise that Verizon said in October that it might seek to renegotiate the terms of the transaction because of the hacking. Sources say the company is now seeking major concessions from Yahoo.
Back in September, Yahoo revealed that the password information for at least 500 million users was stolen by hackers in 2014. Company officials blamed a “state-sponsored actor.” They say the bigger breach, in 2013, was sponsored by a “government.”
The two attacks have the distinction of being the largest security breaches of one company’s computer network.
The 2013 attack involved sensitive user information: names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions that could be used to reset a password.
The company has responded by forcing all of the affected users to change their passwords. It is invalidating unencrypted security questions. For some reason, the company did not take these steps back in September.
All Yahoo users must be concerned, whether active or inactive. Many people, despite the best advice, continue to use weak passwords across many different platforms.
New York State Attorney General Eric T. Schneiderman issued good advice to New Yorkers that can be applied to anyone active on the internet:
• Create strong passwords for online accounts and update those passwords frequently, using different passwords for different accounts.
• Carefully monitor credit card and debit card statements each month.
• Do not write down or store passwords electronically.
• Do not post any sensitive information on social media.
• Use two-factor authentication, which uses a second piece of information besides username/password.
• Always be aware of the current threat landscape.
We live in a digital world that is under constant threat from hackers. Unfortunately, data breaches have become a near daily occurrence. Companies must do more to secure their customers’ information. Individuals have to assume their data is vulnerable and take steps to protect themselves.