Yahoo hack worse than expected – again

Exactly a year ago this month, Yahoo made a stunning revelation.

They had already announced in September that 500 million email accounts had been hacked in 2014. But then in October they announced that over 1 billion email accounts had also been breached in 2013. This gave the tech company the honour of being the victim of the two largest attacks on an email service.

It can’t get much worse than that, can it?

Well, it turns out that the 1 billion accounts were actually 3 billion.

Every single Yahoo account in existence was hacked.

As the New York Times reports:

“Digital thieves made off with names, birth dates, phone numbers and passwords of users that were encrypted with security that was easy to crack.

The intruders also obtained the security questions and backup email addresses used to reset lost passwords — valuable information for someone trying to break into other accounts owned by the same user, and particularly useful to a hacker seeking to break into government computers around the world.

No one knows exactly what happened to the data after it was stolen in 2013. But last August, a hacking collective based in Eastern Europe quietly began offering Yahoo’s information for sale, according to intelligence gathered by InfoArmor, an Arizona cybersecurity company that monitors the darker corners of the web.

Since then, at least three buyers — two known “spammers” and an entity that appeared more interested in using the stolen Yahoo data for espionage — paid about $300,000 each for a complete copy of Yahoo’s stolen database, InfoArmor said after Yahoo first disclosed the breach.

Cybersecurity professionals warned that because many of the three billion Yahoo accounts belong to people who use the same passwords for different sites and services, there is likely to be an escalation of email fraud and account takeovers. They added that anyone who had used Yahoo should be diligent about monitoring their personal accounts.

With the stolen data, fraudsters have a higher chance of gaining access to the victims’ bank accounts, said Frances Zelazny, the vice president of marketing at BioCatch, a security start-up. “Most people reuse passwords or make multiple versions of the same passwords that are easy to hack,” she said.”

It’s common these days for victims of cyberattacks to underestimate the damage caused. The escalating Equifax hack is one example.

But there is something particularly troubling about the Yahoo breach. That every account was compromised means the company took no precautionary steps to protect its data by segmenting it. As we wrote in October 2016, “If Yahoo ever attempted to include basic security measures in their email platform, you would never know it.”

It’s time to ditch traditional email services and move on to Evizone, the secure communications platform of the future.