Yahoo Breach Gets Bigger, Showing Need for Endpoint Software


Verizon Communications, which acquired Yahoo earlier this year, recently revealed that all user email accounts have been compromised by hackers. Originally, Yahoo believed that only one billion accounts were affected by the cyber intrusion. This initial revelation was called the largest data breach in history. The data breach has tripled in scale and now impacts three billion accounts.

The data breach occurred in 2013 and has caused issues for Yahoo ever since. Yahoo first announced this breach in December of 2016. Law enforcement officials found that hackers were able to steal user data back in August of 2013. In September of 2016, the the company revealed that another separate data breach had occurred. This cyber attack occurred in 2014 and affected 500 million users accounts.

Hackers were able to compromise names, birth dates, phone numbers, and user passwords. The user passwords were not stored in plain text, but they were encrypted with an algorithm (MD5) that was easy for seasoned hackers to decipher. The hackers were also able to access security questions and backup email addresses. However, they were not able to steal any payment card data or bank account information.

Yahoo says that users who made email accounts in 2013 and before have been affected by this breach. Users who have accounts with Yahoo services like Flickr also have had their information compromised. In light of the new revelation, Yahoo has started sending out email notifications to all affected user accounts. Users have been advised to change their passwords and monitor their accounts for suspicious activity. Verizon is working with law enforcement, although no new action is being taken by the company.

Yahoo and Verizon did not disclose why their original forensic analysis missed that two billion additional accounts had been compromised. When Yahoo first revealed the data breach, Verizon slashed their asking price for the company to $4.8 billion. In late August, a federal judge ruled that users would be able to move forward with a class action lawsuit against the company. Plaintiffs will be allowed to pursue breach of contract and unfair competition charges against Yahoo.

Data breaches can have devastating consequences for companies. Yahoo’s data breach is still being discussed, even though it was revealed last year. The company’s finances were impacted when Verizon bought the company for $4.48 billion instead of $4.83 billion. Yahoo will also face litigation from consumers. Because data breaches can have lasting impacts on profits and reputation, below are a few steps companies can take to secure their endpoints from hackers:

  1. Require two-factor authentication: Companies that only rely on text passwords for access to confidential information are risking a data breach. By requiring two-factor authentication when employees log into their user accounts, companies can add another layer of security that hackers need to get past.
  2. Encrypt user data: Consumers now expect companies to encrypt their sensitive data. What was once considered an additional level of security is now a basic expectation in 2017. Data encryption with a strong algorithm can prevent hackers from using stolen data. If the hackers can’t decrypt stolen user information, the impact of a data breach is lessened.
  3. Monitor networks: IT teams should prioritize monitoring company networks for suspicious activity and unauthorized users. Regular network monitoring can help IT teams uncover malware or suspicious patterns in activity. With consistent network monitoring, IT teams will be able to see if unauthorized users are accessing confidential user information, or if data is being transferred out of the company. Network monitoring also allows IT teams to catch hackers before they have a chance to do large-scale damage.