Almost exactly a year after Yahoo announced they suffered the largest data breach to-date, officials corrected the estimated number of users affected in a statement released on October 3rd. The initial estimation, which was made when they first announced their data breach in September 2016, was that the details of 500 million users were stolen. Three months later, Yahoo upped their assessment to one billion users. However, Yahoo is now telling users that virtually everyone who has a Yahoo account has had their data stolen. That’s correct, all THREE BILLION users have had their sensitive data stolen.
Yahoo Data Breach(es)
Something that’s little-known to the general public is that Yahoo actually suffered two data breaches; one in 2013 and another a year later in 2014. What we all notice, however, is that it took Yahoo over two years to notify their users that a data breach occurred. Why is this such a big deal? Well, the cybercriminals made off with names, email addresses, telephone numbers, dates of birth, passwords, and even the answers to the security questions you answer when creating an account. This means that these cybercriminals had over two years to do what they please with this information.
What would cybercriminals do with this information? Seldom do hackers who have the ability to breach a company as large as Yahoo actually use this information to perform malicious acts. Instead, they will sell this information on the dark web for other cybercriminals to use. The newest trend we are seeing is that a hacker will buy a portion of a list such as Yahoo and then use the login credentials to automate a ransom attack on iPhone, iPads, and Macs.
How do hackers use the information they bought to perform this attack? The vast majority of individuals use the same login credentials across all platforms. They use the same username and password for their Yahoo account as they do for their AppleID. No one wants to remember a different username and password for every single account they have. This behavior is exactly what leads to hackers being so successful with these kinds of attacks.
Change. Your. Passwords.
If you have ever had a Yahoo account, your online well-being is at stake. However, if your Yahoo login credentials are different than every other online account you have, you should be fine; for now. There are several password managers that take the inconvenience of remembering different passwords across all of your accounts away. At WatchPoint, we recommend 1Password and LastPass. After creating an account with one of these password managers, you will be prompted to add sites you frequently visit into the application. Now, every time you want to login to one of these sites, the password manager will generate a random password which will give you access to the site. This will completely alleviate the inconvenience of remembering numerous passwords while taking your worries away about becoming the next victim of a data breach. If you feel you have been attacked by Ransomware, please check out our ransomware prevention checklist.
