Friday, September 30, 2016

500 Million Yahoo! Accounts Hacked


Yahoo! recently issued a press release announcing a massive breach in 2014 that affected 500 million of its users’ accounts. Given the scale of the hack, the company suspects a state-sponsored attack. This is a cause for worry, as over 1 billion people use Yahoo for finance, shopping, betting, and so on. Yahoo Mail has over 225 million users monthly.

Stolen data
Yahoo says the attack stole user names, email addresses, hashed passwords, birth dates, phone numbers, and security questions and answers. Curiously, Yahoo says the attack did not steal unprotected passwords, credit card data or bank account data. This data is not stored on the same servers that were attacked.

Cyber security experts say Yahoo may have been prompted to start an internal probe after a hacker by the name ‘Peace’ claimed a Yahoo leak and offered 1 million Yahoo usernames and passwords on the dark web markets. Yahoo found this was untrue, but instead uncovered this bigger breach.

Deeper impact
With so many sites to log in to, many people find it easier to use the same email address and password for multiple accounts. Hackers know this, and will try the email address and password on other sites like Facebook, PayPal, and anywhere else the email has been used. This can be easily done with footprinting applications like Maltego.

An attack like this ultimately leads to identity theft if the user has used the same email and password for critical systems like online banking. Data from an account leak is used in credential stuffing on applications like PayPal. With a success rate even as low as 1%, that would be access to the funds of 5 million users, which is a massive return for the criminals.
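On the defending site, credential stuffing shows up in login logs as one source trying many different accounts and succeeding on only a few of them. The following is an added example, not part of the original post, of how a site operator could flag that pattern; the event format, the sample events and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample login events (not real data): (source_ip, username, success)
SAMPLE_EVENTS = (
    # One source walking through a leaked list; 2 of 100 reused passwords work.
    [("203.0.113.7", f"user{i}@example.com", i % 50 == 0) for i in range(100)]
    # A real user mistyping a password twice before getting it right.
    + [("198.51.100.4", "alice@example.com", False),
       ("198.51.100.4", "alice@example.com", False),
       ("198.51.100.4", "alice@example.com", True)]
    # An ordinary successful login.
    + [("192.0.2.9", "bob@example.com", True)]
)

def find_stuffing_sources(events, min_accounts=20, max_success_rate=0.05):
    """Return {ip: stats} for sources that try many distinct accounts
    and get into only a small fraction of them (assumed thresholds)."""
    tried = defaultdict(set)      # ip -> usernames attempted
    succeeded = defaultdict(set)  # ip -> usernames with a successful login
    for ip, user, ok in events:
        tried[ip].add(user.lower())
        if ok:
            succeeded[ip].add(user.lower())

    flagged = {}
    for ip, users in tried.items():
        rate = len(succeeded[ip]) / len(users)
        if len(users) >= min_accounts and rate <= max_success_rate:
            flagged[ip] = {
                "accounts_tried": len(users),
                # These accounts need a forced password reset.
                "accounts_compromised": sorted(succeeded[ip]),
                "success_rate": rate,
            }
    return flagged

if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, stats)
```

Grouping by source address alone misses attempts spread across many addresses, so a real deployment would also track the overall ratio of failed logins to distinct usernames over time.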

Passwords
Yahoo advised users who had not changed their passwords since 2014 to do so. Indeed, all Yahoo users should change their passwords. Users are advised to make passwords that contain numbers, letters and special characters.

Users are further advised not to use the same password for multiple websites. Password managers like KeePassX can help users generate long passwords for separate accounts and keep them safe.

Two-factor authentication
Two-factor authentication, also known as 2-way verification, is becoming a standard for all website logins. The system works by asking the user to confirm a login attempt on another trusted device, like a mobile phone, before access is allowed.

Vigilance
Hackers carry out identity thefts successfully by acting like a real user. If a user does $200 of transactions on PayPal they will stay in this range to avoid suspicion. Users are advised to stay vigilant and go through items like bank and credit card statements for suspicious entries.
