Yahoo! suffers massive data hack

On October 3, Yahoo! announced corrected figures for a previous hack of customer information that occurred in 2013, admitting that the hack affected every user registered with their services.

The hack, which had been reported in late 2016 as affecting about 1 billion user accounts, actually affected approximately 3 billion victims. Hackers stole email information, names, and passwords, although Yahoo! says that financial information is safe. The 2013 hack, even as it was initially reported, was the biggest security breach in history; as reported now, the hack further secures its first-place ranking.

The hack was the largest of many Yahoo! data breaches that have occurred since 2012. The latest hack was announced in 2016, and affected some half billion users. While any company has its security flaws, Yahoo!’s are widely publicized due to the company’s size and prominence in the tech sphere. Yahoo! holds both first and second place in the list of worst hacks in history with their 2013 hack and one occurring in 2014. Verizon Communications purchased Yahoo! in June of 2017 with plans to consolidate Yahoo! properties into a collective called Oath. In light of the recent security breach announcement, Verizon lowered their acquisition price by $350 million, from $4.8 billion to $4.5 billion.

Paul Nast, Chief Information Officer at John Brown University, said that cybersecurity is very important to the JBU IT department. “I mean, it certainly is the underpinning of the whole system,” he said, “and, in some ways, it’s viewed as a utility. You know, the computer systems, they’re always up, and they need to be secure—until they’re not, and then, you know, people notice.”

Nast said that the most common attacks directly targeting JBU students and faculty are email phishing attacks. In this type of attack, a hacker will attempt to collect a person’s information or credit card details through an apparently innocuous email that often appears to come from a trusted source. Regarding awareness concerning digital safety, Nast said, “We try to keep some awareness campaigns going, you know, it’s helpful just to keep that dialogue going.” Among these campaigns are posters admonishing students to be wary of online security threats and humorous reminders placed in napkin-holders in the cafeteria.

Although most hackers can’t steal plain-text passwords, many companies (69 percent, according to a 2017 study) admit to using some outdated security methods. This means that stolen passwords, which are usually stored in a scrambled form called a hash, may sometimes be easily recovered through techniques such as brute-force cracking or rainbow tables. In the former case, the hacker attempts to crack a password simply by trying out many different possible combinations, a process that can usually be greatly optimized as the hacker obtains more information about the victim. In the latter case, a hacker reverses the hashing process by looking up the stolen value in vast precomputed tables, which may be obtained illegally or generated by the hacker. A cracked password on a single website is much more dangerous than most hacking victims realize. Users often reuse their passwords on multiple websites, and, thus, what begins as a troublesome hack of social media may result in a user’s credit card information being stolen.
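The difference between outdated and current password storage can be shown in a few lines. The following is an added example, not part of the original article: it compares a fast unsalted hash with a salted, slow key-derivation function, and the accounts, wordlist, choice of MD5 and round count are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ROUNDS = 200_000  # assumed work factor for this example; tune to your hardware

# Constructed sample accounts; two users share one common password.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T9#vq-ledger-moss"}
COMMON = ["123456", "password", "sunshine1", "qwerty"]  # constructed wordlist


def weak_hash(password):
    """Outdated storage: a single fast, unsalted MD5 digest."""
    return hashlib.md5(password.encode()).hexdigest()


def strong_hash(password, salt=None):
    """Current practice: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(strong_hash(password, salt)[1], expected)


def exposed_by_table(stored, table):
    """Accounts whose stored value appears in a precomputed hash -> password table."""
    return {user: table[h] for user, h in stored.items() if h in table}


def audit():
    # One table, computed once, works against every unsalted database.
    table = {weak_hash(p): p for p in COMMON}
    weak_db = {u: weak_hash(p) for u, p in USERS.items()}
    strong_db = {u: strong_hash(p) for u, p in USERS.items()}
    # Unsalted: identical passwords give identical stored values.
    shared_weak = weak_db["alice"] == weak_db["bob"]
    # Salted: the same password stores differently for every user.
    shared_strong = strong_db["alice"][1] == strong_db["bob"][1]
    return exposed_by_table(weak_db, table), shared_weak, shared_strong


if __name__ == "__main__":
    exposed, shared_weak, shared_strong = audit()
    print("exposed under unsalted MD5:", sorted(exposed))
    print("alice/bob share a stored value (MD5):", shared_weak)
    print("alice/bob share a stored value (PBKDF2):", shared_strong)
```

With per-user salts a precomputed table has to be rebuilt for every account, and the slow function makes each guess expensive; a long random password like the third account's is not in any common wordlist under either scheme.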

Steve Helms, director of JBU’s upcoming Cybersecurity program, commented on the best practices students can employ to avoid having their information stolen. “Don’t reuse passwords—ever,” he said. In addition, Helms recommended students use a password manager such as LastPass or Dashlane to ensure passwords are secure across each website the user frequents.

Helms also recommended that students use a VPN to help secure their connections when connecting to potentially insecure networks such as café hotspots and airport WiFi. “Just because it says AT&T doesn’t mean it is AT&T.”

Helms said that he and some other members of the faculty have a simple solution for how to treat digital information. “We just operate under the assumption that somebody has our data,” he said. This approach ensures that he remains cautious about what he sends across the internet and that he takes proper security measures offline.

Whatever your experience with computer security, the scope of the leak at Yahoo! is a good reminder of the very present threat of hacking and digital theft, even to large companies that rely on promises of security to ensure that their customers remain loyal.

Nast warned students of the ubiquity of security threats: “If something looks suspicious, it’s okay to question it.”

Caleb Place – Copy Desk