Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Breach of 500-M Yahoo accounts drive home importance of data security strategy
SECURITY

Breach of 500-M Yahoo accounts drive home importance of data security strategy 

Yahoo’s report of the breach comes just weeks after a technology Web site Motherboard  announced in August that a hacker known as Peace was advertising on the Dark Web that he was selling some 200 million Yahoo user accounts. At that time, Yahoo issued a statement saying that it was aware of the claim and its security was investigating the case.

Yesterday, Yahoo issued an announcement that the account information stolen may include names, email addresses, telephone numbers, dates of birth, hashed passwords, “and in some cases, encrypted or unencrypted security questions and answers.”

Yahoo claims its ongoing investigation suggests that the stolen information did not include unprotected passwords, payment card data, or bank account, payment card data and bank account information. However, there is still the possibility that holders of such information could potentially cobble it with other data and gain access to user’s other accounts such as banking accounts, medical records, and even corporate or government accounts and networks.

The incident serves to bolster the importance of having a security breach strategy, according to Claudiu Popa, security expert and president of Informatica Corp., a Toronto-based security and privacy risk assessment firm.

“My grave concern with this matter lies in the following unanswered questions,” Popa told ITIC. “Businesses must create Breach Response Procedures based on the assumption and simulated scenarios of serious data breaches.”

Among his questions were:

  • How many Canadian users does Yahoo have exactly?
  • How will Canada’s privacy laws protect Canadians impacted by Yahoo’s loss?
  • On what basis are state-attackers to blame and why would Yahoo be less accountable for compromising its users’ data?

What should be included in a company’s Breach Response Procedure? Popa suggests including the following:

1. A communication plan that details what they know and how they are now containing the problem

2. An acknowledgment of accountability for the information assets that were entrusted to them

3. A clear set of steps for users to follow to protect themselves immediately and in the future, not just “change your passwords because we got breached”

“Most importantly, they must respond and notify customers and users immediately,” Popa said. “ The speed of the disclosure is critical in salvaging the public’s trust and helping potential victims to protect themselves.”

RELATED CONTENT

Protect your business with these password security tips

3 data protection tips that can save enterprises $1-M a year

Seven common cyber security myths

“Yahoo is notifying potentially affected users and has taken steps to secure their accounts,” the search engine company said. “These steps include invalidating unencrypted security questions and answers so they cannot be used to access an account and asking potentially affected users to change their passwords.”

Yahoo also recommended that users who have not changed their password since 2014, do so now.

Here are four things you can do if you suspect you might be one of the victims of the breach

Change passwords. Not just the one for your Yahoo account. Use this as an opportunity to update all your passwords. And avoid the temptation to use the same password for different accounts. Too much work? Try using a password manager which store all your account details in an encrypted storage on your computer or smartphone. Check out PC Mag’s list of best password managers for 2016.

Review and delete sensitive content. Search old emails and delete correspondence that may contain sensitive information. Empty your trash folder. Review the security settings of services connected to your Yahoo account and disconnect them.

Enable two-factor authentication. Add another layer of security requiring another form of authentication in order for your account to be accessed.

Avoid answering suspicious emails. Hackers may try to exploit the Yahoo account breach news and send out an email that baits users into revealing their passwords or clicking on attachments that contain malware. Be extra vigilant.

Related posts