Yahoo’s new breach 500 million accounts hacked

Ever since the security breach in 2014, Yahoo has been having an ongoing investigation into the incident.  Last Thursday Yahoo has released a statement about yet another setback for the internet company.

Yahoo admits they are not sure what information is stolen, however, there is an estimated 500 million accounts that were targeted. Among this stolen data can be email addresses, telephone numbers, birth dates, hashed passwords, and security questions.

Who is to blame

There have been talks that the people to blame for the attack were state sponsored actors under the orders of the Russian or Chinese government. Although it’s hard to tell as many times a good hacker cannot be traced back too. Not to mention Yahoo had yet to release solid proof of this accusation.

Experts in cyber security say that it is much more likely that this was just a “traditional hack” aimed at making money by an unrelated party.

Yahoo recommends that users change their passwords if they haven’t done so since 2014. News of this breach can cause Yahoo some un-needed headache as they try to sell its digital operations to Verizon Communications for 4.8 billion.

What can be done to protect a company from this kind of attack

A breach like this is the worst case scenario for a company, however, proper security practices and vulnerability assessments and penetration testing can play a huge part in lowering your risk of a breach.  It can take years for a company to figure out how much damage was truly done after a breach. A lot of damage can happen over that period of a few years. The ones responsible for the attack in the meantime will be doing whatever they want with the stolen data, as your company is frantically trying to patch up holes in its security defense and assess damage.

Photos supplied through flicker’s Esther Vargas and abhisawa via cc license v2