Yahoo breach – two years on…

News and information from the Advent IM team.

Some comment from Mike Gillespie:

Not for the first time lately, we are looking at the fallout from a breach that happened well over a year ago (Dropbox, anyone?); in the case of the Yahoo event, it is two years old. Once again we are being told to change our passwords and being reassured that no credit card details were taken in the breach. 500 million accounts is a lot of reassuring… How the attackers managed to get away with so much information, and indeed for much of the information loss to be unknown, will hopefully start to be revealed as investigations unfold.

If, like many people, you re-use passwords on other platforms, then the possibility that you could be breached elsewhere too increases. If your password was one of the passwords on the list we issued after the last breach announcement (Dropbox), then chances are that password was broken quite some time ago, probably just after the details were made available. Anyone using 12345 or qwerty, for instance, is unlikely to have survived intact. If you haven’t changed your password in two years as a matter of course, then it’s also possible you could have problems.

Going back to my point about password re-use, credit card details may not have been taken, but if you re-use a password for your e-banking or other online transactions, then you could be compromised. So whether the information came out of this breach directly or indirectly, you still need to ensure you have some process in place around your password management. Given that some security questions were also stolen in this hack, you may also need to reconsider your security questions on other sites and perhaps look at other two-factor authentication methods if possible. If anyone recalls the VTech breach, the same assertion was made, that credit card details were not taken. But the information people use as a security question was breached… that information cannot be safely used again.

