The breach spanned Yahoo’s online properties: Yahoo Mail, Yahoo Finance, Yahoo Fantasy Sports, and Flickr, to which many Yahoo accounts were linked. Only the Yahoo blogging site Tumblr appears to have remained unscathed. The hackers netted a trove of valuable data, including email addresses, phone numbers, birth dates, and encrypted security questions and answers.
Three things about this invasion should disturb us all: (1) a foreign state is likely its sponsor, (2) the target was a major online player (too big to be hacked?), and (3) it took two years to discover the crime, which is shocking because breaches typically tend to be discovered quickly. The Yahoo cybercriminals were extremely savvy.
In a way, the Yahoo breach is a great beginning to this special month, which is a collaborative effort of the U.S. Department of Homeland Security and its public and private partners, including the National Cyber Security Alliance. We call it a great beginning because this historic breach is a powerful reminder that no one is safe from a cyber-attack, and no business is too big to be hacked.
The stolen data, which might seem trivial, will be the key to further breaches across the web as the hackers use the stolen account information to add to their haul of data, including social security numbers and passwords to financial accounts. These will probably be sold in bulk on the “dark web” to other criminal enterprises. Data today is as valuable as gold.
Yahoo insiders report that online security was not a top priority for the company, that it ranked well below marketing and product development in terms of management attention. If true, that lack of attention has jeopardized the personal information and breached the trust of millions of users and may have put Yahoo’s impending deal with Verizon in jeopardy. The New York Times reports on the issue here.
Don’t be Yahoo. No one is safe from hackers. It’s not just the big guys they’re after. PC World reports that 60 percent of small businesses fold within six months of a security breach. Throughout October, look for important information from NCSAM at https://www.dhs.gov/stopthinkconnect. Follow them on Twitter at #CyberAware. IBS will be posting valuable information on Facebook, LinkedIn and on Twitter.