If you live on Planet Earth right now, chances are you have heard of the Yahoo mega data breach. The internet pioneer admitted last week that highly sensitive information on 500 million account holders was stolen from its network a two years ago, but only just discovered. That may have given the bad guys a long time to compromise your data, if you’re a Yahoo customer.
It’s the latest in a long line of similar looking breaches affecting some of the web’s biggest names, including LinkedIn, Tumblr, MySpace and more. But it’s the biggest yet – maybe even the biggest breach ever – so let’s take this opportunity to revisit some best practice security tips to help keep your password-based accounts safe.
According to Yahoo, the state-sponsored hacker who got into its network might have got away with names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers. This affects all Yahoo, Yahoo Finance, Yahoo Fantasy Sports and Flickr users.
When this kind of cyberattack happens, it’s not just the company itself that finds itself in trouble, it’s the everyday users of its services. Yahoo maintains that customers’ payment card data and bank account information isn’t stored in the system and so is safe. But there are still many risks facing users following the attack.
Hackers are adept at using stolen account information to launch so-called phishing attacks, where they email the target pretending to be Yahoo or another company. The details can be used to make the email appear more authentic. They may ask the victim to click a link to confirm account details or similar. The aim is to elicit further sensitive information – often financial – from the user, or even to infect them with information-stealing malware.
In addition, many Yahoo customers may use the same password across different sites – sometimes with the same username/password combination. If that’s the case then the cybercriminals who may have your details could break into other online accounts – causing yet more pain and financial loss.
Keeping passwords safe
Data breaches have become increasingly common today. The Identity Theft Resource Center claimed in January that there were 781 in 2015 alone – the second highest since records began in 2005. As long as stolen records continue to sell on the black market or are useful to nation states, companies will continue to be breached. So it’s down to the consumer to do what they can to minimize the personal fall-out from a successful cyberattack:
Remember, this is best practice for all accounts, not just Yahoo. Follow these steps and you should be in pretty good shape next time a major data breach hits the headlines.
Please add your thoughts in the comments below or follow me on Twitter; @smccartycaplan.