Expert Insights Into The Yahoo Breach


Yahoo Breach

Latest reports suggest that the recent Yahoo! data breach may exceed 500 million records, with some sources implying millions more records penetrated, upping the total number of records stolen in various recent hacks to approximately 3.5 billion. CloudTweaks spoke to Kevin O’Brien, CEO of GreatHorn, for expert insight into this latest violation. GreatHorn provides cybersecurity solutions for cloud communication platforms and is the first automated spear phishing prevention platform natively integrated into cloud-based email systems such as Google Apps and Office 365.

Says O’Brien, “It’s concerning that it took two years to uncover the breach and demonstrates how ill-equipped even one of the world’s largest tech companies is to address the gap between a breach and detection. The attackers – who are presumed to be state-sponsored hackers – didn’t just steal your grandmother’s email address. They stole the good stuff: unencrypted security questions and answers as well as full names. It’s troubling that this data was unencrypted at all; security questions are often re-used between sites and provide full account access.”

The Relevant Details

With the theft potentially including a variety of personal data, from names to telephone numbers to security question answers, users of this global service have been put at risk. This is possibly the largest attack of its kind in terms of user accounts penetrated. The FBI is involved in the investigation, though it has yet to comment on the allegations that the attack may have come from outside the USA, possibly from a foreign government. Though Yahoo! hasn’t revealed the evidence that has led it to believe this attack may be state-sponsored, governments have in the past hacked email accounts to keep track of citizens or dissidents, and there is some expert opinion suggesting that the 2010 Google Gmail hacking of accounts used by Chinese human rights activists may have been of such motivation.

Unfortunately, the discovery of the hack is most certainly not the end of the line. Stresses O’Brien, “The Yahoo! breach will likely lead to a long tail of harder to detect phishing attacks. For example, since Q2 2015, we’ve been tracking a resurgence in ‘Display Name’ spoof attacks, aimed especially at enterprise clients where the stakes are millions of dollars’ worth of damages. These attacks involve a criminal using a friendly name, e.g., that of a spouse, co-worker, or friend, but sending messages from an email address that isn’t the one the sender typically uses. This is often an attempt to trick people into divulging sensitive information – ‘I need the W2s for these employees for a wage study, can you send them to me?’ – or authorizing fraudulent invoice payments or wires. With the account credential loss involved here, we can expect these attacks to become more sophisticated, as these faked emails will come from the actual addresses of the spoofed sender, not ‘yourceo@c-level.co.’”
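The "Display Name" mismatch described above can be checked mechanically on inbound mail. The following is an added example, not code from GreatHorn or CloudTweaks; the contact directory, the sample headers and the function names are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed directory (not real people): each known contact's display name
# mapped to the addresses that contact normally sends from.
KNOWN_CONTACTS = {
    "Dana Reyes": {"dana.reyes@example.com"},
    "Sam Okafor": {"sam.okafor@example.com", "sokafor@example.org"},
}

def name_key(display_name):
    """Order-, case- and punctuation-insensitive key for a display name."""
    folded = unicodedata.normalize("NFKC", display_name).casefold()
    tokens = "".join(c if c.isalnum() else " " for c in folded).split()
    return tuple(sorted(tokens))

DIRECTORY = {name_key(name): {a.lower() for a in addrs}
             for name, addrs in KNOWN_CONTACTS.items()}

def classify_from(from_header):
    """Return 'unknown-name', 'expected-address' or 'display-name-spoof'."""
    display_name, address = parseaddr(from_header)
    expected = DIRECTORY.get(name_key(display_name))
    if not expected:
        return "unknown-name"          # name is empty or not a known contact
    if address.lower() in expected:
        return "expected-address"      # name and address agree
    return "display-name-spoof"        # familiar name, unfamiliar address

# Constructed From: headers.
SAMPLES = [
    '"Dana Reyes" <dana.reyes@example.com>',
    '"Reyes, Dana" <dana.reyes.office@mailbox.example.net>',
    'SAM OKAFOR <SOkafor@Example.org>',
    '"Weekly Newsletter" <news@example.org>',
]

def run_samples():
    return [classify_from(header) for header in SAMPLES]

if __name__ == "__main__":
    for header, verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:20} {header}")
```

A message sent from a contact's real mailbox after its credentials were stolen is classified as `expected-address`, which is the limitation O’Brien points to: this check only covers the name/address mismatch.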

What’s Next?

As if we’re not constantly reminded, ensuring you’re running the latest in cybersecurity solutions should be a top priority; furthermore, we all need to pay attention to standard security protocol, stay informed about potential risks, and follow fundamental security principles. The Yahoo! breach may still leave ordinary users at risk, especially if the information makes it onto the black market and is sold on. Many people use the same username, email address, and password for many online services, and some of these sites store financial information such as banking and credit card details, so the transmittal of breached data further increases vulnerability. Resetting passwords for Yahoo! accounts isn’t enough; for those potentially affected, an overhaul of all online and network protection may be in order.

The breach is a wake-up call for many, whether users of Yahoo! or not: we’re reminded to review our accounts for suspicious activity, implement two-step authentication where possible, and take seriously the threats of phishing campaigns. Who knows what breaches are happening right now that we won’t be aware of for another two years?

By Jennifer Klostermann

Jennifer Klostermann

Jennifer Klostermann is an experienced writer with a Bachelor of Arts degree majoring in writing and performance arts. She has studied further in both the design and mechanical engineering fields, and worked in a variety of areas including market research, business and IT management, and engineering. An avid technophile, Jen is intrigued by all the latest innovations and trending advances, and is happiest immersed in technology.
