They say tragedy comes in threes. In the case of Yahoo, let's hope that it at least stops there.
Just one day after the Valentine's holiday, the internet behemoth revealed yet another data breach - the third report in six months - leaving the company reeling after more than 1.5 billion customer accounts had been compromised!
This is even worse news than you might imagine. Yahoo was looking forward to a $4.83 billion acquisition from Verizon Communication; but now the telecommunications company is cutting the deal, expected to be closed by the end of 2017, by as much as $250 million to $350 million.
While data breaches are, in some ways, preventable, they are unpredictable; and the discovery of these hacks can take years. How would your business fare against such an attack? Can you sustain the damages to your finances and reputation? CyberPolicy offers cyber risk insurance which can insulate businesses against the most deleterious effects of hacker incursion.
Ya-Who Done It?
In September, Yahoo revealed that 500 million account records had been stolen in 2014 via state-sponsored cybercriminals. Information leaked included names, email addresses, passwords, dates of birth, phone numbers and personalized security questions - enough data to rip off personal and professional accounts across the web. At the time, this was thought to be the biggest breach in internet history.
In December, during the investigation of the 2014 incident, Yahoo (with the help of law enforcement) uncovered a separate incident from August 2013 that affected more than one billion users! Similar data was breached, this time thanks to bogus cookies which bypass the need for user passwords to access an account.
These events are enough to make your head spin. But the bad news didn't stop there. The most recent attack, occurring in 2015 or 2016, also used forged cookies to infiltrate user accounts. The company has not released the number of affected customers, although experts suspect that it is much smaller than the first two incidents.
So, what gives? Are Yahoo's defenses just that weak, or are the hackers just that sophisticated? It's really hard to tell since the company has been less than forthcoming about the incidents when questioned by law makers. However, this could be the work of advanced government-sponsored cyber crooks with the resources to breach even the most robust cybersecurity protocols (although there is some skepticism about the claim).
No matter the cause, there are steps consumers and businesses should take to following a high-profile breach such as this:
Change your password. Hopefully you haven't reused your email/password combination for other services, but if you have, update them immediately.
Review your security questions. You likely reuse the same questions and answers for various services. Since hackers were able to pilfer this information, they could access your other accounts by clicking Ëœforgot password' and entering the proper responses.
Stay suspicious. Watch your accounts for any fishy activity.
Consider swapping email services. While any company can fall prey to hacker incursion, you should always ask yourself if it worth using a site or service following a breach. Make smarter decisions to better protect your privacy.
While Yahoo likely has the largess to handle such a breach, the truth of the matter is that most small and mid-sized businesses do not. In fact, more than half of SMBs file for bankruptcy only six months after a data breach. Don't let this happen to you. Protect yourself with cyber risk insurance from CyberPolicy.
Curious to see what cyber risk insurance can do for your business? Visit our website to get a quote!