2016 wasn’t a good year for Yahoo.
After announcing in September that 500 million user email accounts had been hacked in 2014, it was revealed in October that the company itself had been spying on users and collecting the data for the NSA and FBI.
Now, a new hack has been disclosed, and it is much, MUCH worse than imaginable.
Over one billion user accounts were breeched in a cyberattack launched in August 2013. It is now believed to be the world’s largest known attack on an email service (the title was previously held by… Yahoo, for the 2014 breech).
As Reuters reports:
“The company, which is being acquired by Verizon Communication Inc for US$4.83 billion, said an unauthorized third party had stolen the data in the latest breach and that it was working closely with law enforcement.
The company said it has not been able to identify the intrusion associated with the theft.
Yahoo said the stolen user account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
Payment card data and bank account information were not stored in the system believed to be affected, the company said.”
If Yahoo ever attempted to include basic security measures in their email platform, you would never know it. Even the “encrypted” security questions were stolen.
This new information has produced real consequences for Yahoo. In Canada, the company faces a $50 million class-action lawsuit, launched by a user who “used email to chat about a wide range of personal information, including financial and health information.”
Verizon, which plans to purchase Yahoo’s internet business, is demanding that Yahoo be repriced following the hack and has threatened to go to court if this does not happen. After the September announcement, Verizon had reduced their offer by $1 billion – the acquisition cost could be reduced even more this time.
Email is not the communication platform of the future. There are few security measures used in in this mode of communication, and none of them provide complete coverage. As Evizone Chairman Bill Wells outlined in a previous blog, anyone looking for secure communications needs to look for TELM:
- End Recipient
- Life Cycle
- Meta Data
If a security weakness is involved with any of these items – no matter how secure the rest is – your communications are vulnerable to a cybercriminal. Unfortunately, this is the case for any email service.
Evizone’s Secure Communications service is different. It provides complete TELM coverage for companies, ensuring that data is always protected behind a patented, military-grade encryption system that keeps out unwanted prying eyes.
One billion accounts hacked is one billion too many.
About Evizone Ltd.
Evizone Ltd. is a revolutionary secure communications, encryption and compliance software and service provider based in Montreal, Quebec, Canada. Evizone offers innovative enterprise solutions in secure messaging (next generation beyond encrypted e mail) and encryption, encryption at rest, regulatory compliance, compliance archiving, WORM compliance, 17a-4 compliance, document life cycle management and communications governance and risk management. Evizone’s services protect organizations through best in class security, encryption, recipient controls, document life cycle management, discovery management, compliance management, compliance archiving, tamper proof WORM and 17a-4 compliance archiving and complete audit records against the enormous damage caused by communications breaches. Evizone’s patented technologies offer a level of security impossible to obtain with conventional or encrypted email and fast, powerful, user friendly compliance archiving. Evizone’s services are immediately available on multiple platforms and provide the strongest commercially available communications security and compliance archiving. You can follow Evizone on Facebook, Twitter, and LinkedIn.
Tom Kott, HATLEY Strategy Advisors, 514.316.7082, firstname.lastname@example.org