Yahoo!: Could it be the biggest data breach in internet history?


With Verizon about to buy Yahoo!, this data breach could have a knock-on effect for both users and the company. Mark James, ESET IT Security Specialist, sheds light on the next steps both will have to take.


The 2014 Yahoo! data breach, which impacted over 500 million user accounts and in which names, email addresses, encrypted passwords and personal details were stolen, is the biggest hack in the history of the internet. The impact is massive, and sadly it took two years for Yahoo! to recognise and report the incident to the public.

Mark James, ESET IT Security Specialist, discusses what this means for the supposed Yahoo! takeover, users of Yahoo! and what other companies could learn from this.


How big is the attack and what are the implications?


500 million hacked accounts is huge by any standards; I think we sometimes get a little blasé as the numbers get higher, but let’s not make any mistakes here, that’s a lot of customers’ information stolen.

Data breaches are on the up - it’s almost a daily occurrence but the damage it causes is massive.

The data may be used for immediate financial gain, or used later along with more information to enable identity theft or phishing attacks; either way it could be very damaging for the victim.


What does this mean for users who rely on their Yahoo accounts?


As always in these cases, it’s the end user that ultimately pays the price. Of course from a PR point of view it’s never good for the company that was breached, but for the individual it could have long-term financial implications if things go badly wrong.

It could also mean accounts may be temporarily unavailable, and for some, emails are a lifeline.

Changing email address and moving to another provider is not as easy as it sounds, because of the nature of how emails work. Access to the old email will still be required in case of older websites that may require password resets or account recovery with the original email address.


What does this mean for Verizon as they are about to buy Yahoo?


They will have to consider the backlash of future issues with compromised account data, because the ramifications of data breaches are often felt in the future.

They will have to consider the implications of any customers who can prove identity issues caused as a result of this particular breach if Verizon are the new owners.


What should enterprises be doing to stop hacks on this scale?


Doing all you possibly can to stop it in the first place, and ensuring that if it does happen then the data is stored in such a way that it’s impossible to do anything with it. Also, having a good contingency plan in case it happens is what organisations need to be doing.


What can Yahoo and other businesses learn from this?


Where possible, being proactive with your user base and keeping the users in the loop. If there has been a breach then find out how, where and why.

Ensure your systems are now clean if malware is involved, reset passwords, and inform your users and keep them up-to-date.

We all understand data breaches are a factor of modern day computing but the impact can be cushioned with the correct flow of information.

