However, while carrying out forensic analysis of a breach affecting 500 million user accounts, which Yahoo Inc. announced they had become aware of in September this year, they inadvertently discovered that a second, much larger breach had also taken place.
Yahoo!, the technology corporation behind many online services including News, Finance, Search, Media Services and, the most security-vulnerable area, Email Services, have published details of this newly discovered breach.
In their announcement, they have stated that it does not appear plain-text passwords, credit card data or bank details were obtained; however, names, email addresses, telephone numbers, dates of birth and hashed passwords (an encryption method where the original password isn’t recorded ‘in English’, but the hashed password can potentially be used to log in and impersonate the user) were all confirmed to be part of the stolen data.
Although this latest breach is said to have occurred in August 2013, Yahoo are now actively notifying their users to change their passwords and security questions, as there is a very good chance some users have not changed these in the time since both breaches occurred. Yahoo are also recommending the use of their Two-Factor Authentication tool, which adds an additional layer of protection: when you log in on a new device for the first time, you are asked to answer additional security questions or enter a unique code sent to your mobile.
The incredibly long delay between when these breaches occurred and their discovery should be a reminder to us all to practice good password security:
- Have passwords that are easy for you to remember, but hard for someone else to guess – so avoid publicly available information like the name of your partner.
- Don’t reuse passwords across multiple websites, and especially don’t reuse your Email Account Password, as this is the gateway to ALL your other Website Accounts.
- Utilise Two-Factor Authentication (2FA) for those Websites which support it – the number of which is growing by the day.
- If you can’t/don’t use 2FA, change your passwords regularly – just in case another breach that happens tomorrow also isn’t discovered for another 3 years.
If you have any concerns over the security of your business network and its potential exposure to data breaches, please get in touch with our Business Innovations Team.