As if 500 million user accounts being breached in 2014 wasn’t bad enough, Yahoo has now found that it is the subject of one of the biggest data breaches in history!
In 2013 more than one billion user accounts were compromised. Best to change your passwords!
Hackers used a method known as ‘forged cookies’ to gain access to different users’ accounts, according to a statement from Yahoo. What these ‘forged cookies’ do is embed a few lines of code in the user’s browser cache, which means that Yahoo did not request a login every time it was accessed.
This meant that the cyber criminals behind the scheme were able to use this vulnerability to pose as a user, and be misidentified as one, gaining access to the account without needing any login details.
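A login cookie can safely replace the password prompt only if the server can tell the cookies it issued from fabricated ones. The sketch below is an added example, not Yahoo's code or anything from Yahoo's statement: it shows one common defence, an HMAC-signed cookie with an expiry, and the `user|issued_at|mac` format, `SERVER_KEY` and `MAX_AGE_SECONDS` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumption: constructed demo key. A real service loads a random secret from a key store.
SERVER_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 3600  # assumption: cookies are honoured for one hour


def _sign(payload: bytes, key: bytes) -> str:
    """HMAC-SHA256 over the cookie payload, base64url-encoded."""
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_cookie(user: str, now: float, key: bytes = SERVER_KEY) -> str:
    """Build 'user|issued_at|mac'; called only after a successful password login."""
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    payload = f"{user}|{int(now)}"
    return f"{payload}|{_sign(payload.encode(), key)}"


def verify_cookie(cookie: str, now: float, key: bytes = SERVER_KEY):
    """Return the user name if the cookie is authentic and fresh, else None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user, issued_at, mac = parts
    expected = _sign(f"{user}|{issued_at}".encode(), key)
    # Constant-time comparison: do not leak how much of the MAC matched.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    # The timestamp is trusted only after the MAC has been checked.
    if not issued_at.isdigit() or now - int(issued_at) > MAX_AGE_SECONDS:
        return None
    return user


if __name__ == "__main__":
    t0 = time.time()
    genuine = issue_cookie("alice", t0)
    edited = genuine.replace("alice", "bob", 1)  # user name changed, MAC left as is
    print("genuine:", verify_cookie(genuine, t0 + 60))
    print("edited: ", verify_cookie(edited, t0 + 60))
    print("expired:", verify_cookie(genuine, t0 + MAX_AGE_SECONDS + 1))
```

The check is only as strong as the secrecy of the signing key: anyone who holds it can produce cookies that verify, so the key needs the same protection as the password database.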
Email Account Breach.
In this case, email accounts were breached and it is not thought that any stored payment card or bank account information was taken. One big problem, however, is that emails contain all kinds of sensitive and personal details such as bank details, family details, and even passwords.
So although payment information was not taken, important sensitive information could have been revealed to these cyber criminals, which could lead to payment card or bank details being taken.
Another danger of having your email password stolen by hackers is that many people use the same password for multiple purposes, e.g. as their login to retailer accounts. Hackers are therefore known to compile databases of stolen login details and to test combinations of them on other websites, e.g. Amazon, in the hope that password sharing will enable them to gain entry.
A lot of people do this because they use so many services that they couldn’t remember a different password for each one, or might not want to have to.
State Sponsored Breach.
It has been reported that Yahoo believes that the one billion + user data breach is likely to have been ‘state sponsored’.
Letter From U.S. Senators.
Some security experts have suggested that in recent years, Yahoo had been falling behind its peers in terms of blocking spam and email-based attacks. It has also been reported that after Yahoo’s announcement in September about its huge data breach back in 2014, six US senators sent Yahoo a letter. The letter voiced their concerns, asked when Yahoo had actually found out about the breach, and stated that the long delay between the breach and its announcement was ‘unacceptable’.
What Does This Mean For Your Business?
If you are a Yahoo email account holder, the advice from the company is to change your passwords and security questions/answers, and to change them on any other accounts where you used the same or similar information. You are also advised to review your Yahoo account(s) for any suspicious activity. Yahoo also suggests that account holders should beware of unsolicited communications asking for personal information or referring them to web pages, and should avoid clicking links or downloading attachments from suspicious emails. Yahoo is also offering users the ‘Yahoo Account Key’ tool, which gives authentication without the need for a password.
For businesses and individuals alike this story emphasises the need to be vigilant online, to set very strong passwords and not to share passwords between different websites.