By Declan Dunn, TechViews.org
Yahoo has announced another huge security breach totaling over 1 BILLION user accounts, leaving its users fretting once again about their personal information. That’s roughly double the number involved in the cybersecurity incident it announced in September, which is believed to be separate.
The problem is it happened all the way back in August 2013. That means whoever plundered the information has had more than three years to exploit it, security experts say.
The security firm, InfoArmor, has shared its findings with law enforcement agencies in the U.S., U.K., Australia and Europe. It said the stolen database it found also has information relating to over 150,000 U.S. government and military employees.
Investigators of online black markets say there was always chatter among underground dealers that someone had made away with a massive trove of information from the internet firm. The massive size of the information breach wasn’t clear until now.
“The lesson is clear: no organization is immune to compromise,” said Jeff Hill, director of product management for security provider Prevalent. “Criminal actors can do significant damage in days and weeks; give them years, and all bets are off.”
So What Now?
Use different passwords for ALL online accounts
People who create a really strong password for one site but then use it across others are vulnerable to attacks, said Shuman Ghosemajumder, chief technology officer of Shape Security.
Having your credentials stolen “opens the door to all of your other online accounts,” he said. Hackers obtained more than just names and passwords in the Yahoo breach – they also nabbed answers to security questions. Cybercriminals can use that info to conduct automated attacks called “credential stuffing.”
That’s when hackers take the stolen information of millions of users and build a profile that tries to log in to other online accounts like banking, retail and airline rewards.
Yahoo is advising people to change the passwords and security answers on any other accounts for which they used the same or similar information as their Yahoo account.
Beware of emails asking for more information
Hackers can use stolen credentials to craft emails that have the veneer of legitimacy, a tactic commonly called phishing. Such emails might disclose the answer you gave to a security question, for example, and then ask if it’s still up to date and request more information.
Be extra cautious about clicking on links or opening downloads from unknown email addresses. And NEVER share any account information or passwords over email.
Block access to your credit report
Hackers who have valuable credentials will often try to open a credit card or a small loan in your name.
When that happens, the first thing a bank will do is run a credit check. If you’ve put a freeze on your credit report, you will be alerted that an institution is trying to run a check and can flag that you didn’t request it.
“I would strongly recommend it, especially if you have a Yahoo account,” Ghosemajumder said.
But what about closing accounts? After two major breaches, is it time to say goodbye to Yahoo? “If you don’t have confidence [in Yahoo] in the future, that’s a personal decision people need to make,” Ghosemajumder said.