Ever since the security breach in 2014, Yahoo has been having an ongoing investigation into the incident.  Last Thursday Yahoo has released a statement about yet another setback for the internet company.

Yahoo admits they are not sure of the specifics of the stolen information. However, there is an estimated 500 million accounts that appear as targets. Among this stolen data is email addresses, phone numbers, birth dates, hashed passwords, and security questions.

Is Yahoo to Blame?

Talks of the people to blame for the attack were state sponsored actors under the orders of the Russian or Chinese government. Although it’s hard to tell due to the fact that an experienced attacker cannot is difficult to trace and uncover. Not to mention Yahoo had yet to release solid proof of this accusation.

Experts in cyber security say that it is much more likely that this was just a “traditional hack”. Possibly even aimed at making money by an unrelated party.

Yahoo recommends that users change their passwords if they haven’t done so since 2014. News of this breach can cause Yahoo some an unnecessary headache. As they try to sell its digital operations to Verizon Communications for 4.8 billion, one can’t help but worry of a breach.

How to Defend Against an Attack

A breach like this is the worst case scenario for a company. However, proper security practices and vulnerability assessments and penetration testing can play a huge part in lowering your risk of a breach.  It can take years for a company to figure out the damage a breach can cause.

A lot of damage can happen over that period of a few years. The ones responsible for the attack in the meantime will be doing whatever they want with the stolen data, as your company is frantically trying to patch up holes in its security defense and assess damage.

Photos supplied through flicker’s Esther Vargas and abhisawa via cc license v2