The real lesson of the Yahoo hack, in which 500 million user account details were stolen, is this: any account details you enter into an online storage system will probably get hacked at some point.
Advertisement
Steven Caponi, an attorney at K&L Gates with a practice including merger litigation, said that Yahoo’s breach could fall under the “material adverse change” clause common in mergers allowing a buyer to walk away if its target’s value deteriorates.
But Cody Littlewood, who owns a start-up incubator in Miami Beach, was one of several users who said it was precisely because of the decline in the use of Yahoo’s services that they were not anxious about the hack. It might just be your email and (encrypted) password, or it might – as with Yahoo – be more details such as name, address, phone number, birthday and even answers to security questions you use to verify who you are.
As of yet, Yahoo has not named the alleged state actor and/or hacking collective (s) sponsored by it. The security breakdown risks magnifying Yahoo’s preexisting problems – specifically, that it is losing users, traffic and the advertising revenue that follows both, to rivals such as Google and Facebook.
A recent investigation by Yahoo! Inc. Further breaches took place in 2013 in which multiple accounts were hijacked for weeks on end. This uses a mathematical function to convert plain-text passwords into a long string of text that is then stored on the company’s servers. This is certainly the case when any actor with enough resources and legal impunity sets their mind to it. So, if you had a Yahoo account anytime before the beginning of 2015, there are several steps you should take to be prudent, whether or not you use your Yahoo account now.
The first thing you should do is a thorough password review.
Jeremiah Grossman, chief of security strategy at SentinelOne, a security firm, and a former information security officer at Yahoo, is very familiar with the technology. This would include a recovery email, PayPal, or your Cloud services.
Additional information regarding the data breach can be found by clicking here. In the meantime, the company is taking action to protect users, such as informing them of the attack and prompting them to change their passwords and security questions (previous security questions have been invalidated to prevent unauthorized access to accounts). One measure to take against this, per GGA, is to file taxes early so any duplicate returns filed thereafter can be flagged as soon as possible.
Advertisement
Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account. To start, be sure you know your current password – you’ll need it to make changes in any security settings.
