Actu
Commentary on Yahoo breach - Fujitsu & Webroot
September 2016 by Expert
Following the news that Yahoo was hit by a data breach affecting 500 million users, two reactionary comments.
Rob Norris, Director of Enterprise & Cyber Security in EMEIA at Fujitsu:
“It seems that not a week goes by that we don’t see a data breach of one type or another. Yahoo is once again under the spotlight for a breach that has been named the largest in history. The fact that 500 million users have been affected is worrying. But let’s not forget, it isn’t the first company to be affected. And it won’t be the last.
“Many businesses, and consumers, are still failing to see the reality of the situation we are now facing. The effort required to combat breaches is industrial. Companies are no longer fighting against individuals, but a sophisticated criminal industry, designed solely to access and exploit their data.
“To remain ahead of their competitors – and trusted in the eyes of the consumer –organisations need to take a proactive approach when it comes to security. Organisations should focus on the integration of threat intelligence and other information sources to provide the context necessary to deal with today’s advanced cyber criminals. There must also be a clear and well-rehearsed crisis management plan for a breach, addressing internal and external communication. Whereas consumers need to ensure they use different passwords for different applications and are aware of the security risks when using payment information. As the number of these threats continue to increase exponentially, no businesses nor consumer can afford for cyber-security not to be their number one priority.”
Tyler Moffitt, Senior Threat Research Analyst at Webroot:
Half a billion records of just emails would be impressive but half a billion names, email addresses, telephone numbers, birthdays, hashed passwords, and (the icing on the cake) “unencrypted security questions and answers” is astounding. These constant breaches only prove that the connected world we live isn’t secure. It also reaffirms the need for one to heavily consider what info they hand off, regardless of how secure the site’s reputation is.
On the bright side, no financial data was breached. And while no unencrypted passwords were stolen, the unencrypted security questions are basically the same thing. It’s good Yahoo! is resetting the questions, but it doesn’t change that they were compromised and that some were likely used for identity theft before Yahoo! disclosed the breach.
