More Than One Billion User Identities Were Stolen From Yahoo In 2013

Following the recent news surrounding the Yahoo! security breach, IT security experts from Kaspersky Lab and Gigya commented below.

David Emm, Principal Security Researcher at Kaspersky Lab:

“Yahoo! has just announced that it fell victim to yet another security breach, with personal details stolen from approximately one billion user accounts. There have been a number of cases this year of retrospective notifications of breaches that are of little help to customers affected by them. This underlines the need for regulation.  It’s to be hoped that GDPR (General Data Protection Regulation), which comes into force in May 2018, will motivate firms to, firstly, take action to secure the customer data they hold, and secondly, to notify the ICO of breaches in a timely manner.

Customers that entrust private information to the care of a business should be safe in the knowledge it is kept in a secure manner. Whilst security solutions significantly mitigate the risk of a successful attack, there are also other measures businesses can take in order to provide thorough protection. These measures include running fully updated software, performing regular security audits on the website code and penetration testing the infrastructure. It’s crucial that businesses ensure that all passwords are protected using secure hashing and salting algorithms. The best way for organisations to combat these types of cyber-attacks is at the beginning; by having an effective cyber-security strategy in place before the company becomes a target.

Consumers have no control over the security of their online providers.  However, they can mitigate the risk of a security breach.  We would recommend that everyone uses unique, complex passwords for all their online accounts. It’s a growing concern that many people use the same password and personal details across multiple online accounts, meaning if their details have been compromised by one attack they could find other accounts suffer too.   We would also urge people to take advantage of two-factor authentication, where a provider offers this.”

Richard Lack, Managing Director at Gigya:

 “Data breaches have become a recurring and all-too-familiar story of late, making it easy for our eyes to glaze over at the latest announcement of millions of stolen customer credentials. Yet it’s hard to ignore yesterday’s announcement from Yahoo that more than one billion user identities were stolen from the company in 2013.

“The outcome for Yahoo could be disastrous. A pending acquisition of the company by Verizon Communications could be at risk. The FBI is investigating. And some security experts are advising people to stop using services such as Yahoo Mail. The biggest loss for Yahoo, in my view, is trust.

“In the online world, customers need to share their identity – email addresses, personal preferences, credit card numbers, etc. – to connect with the businesses that provide them goods and services. If customers can’t rely on a business to protect that data, then trust is lost. In other words, identity is the currency of trust.

“Yahoo undoubtedly could have done a better job of protecting customer data, but breaches can happen to anyone – there is no magic bullet in security, and no organisation should regard their infrastructure as impenetrable.

“Trust is earned in drips and lost in buckets. As the Yahoo hack dramatically illustrates, every business that wants to build online relationships needs to make protecting customer identity a priority – or risk losing trust in an instant.”