Yahoo shocked the world in September when it reported a data breach involving 500 million compromised user accounts. Labeled a “mega-breach” this was the largest attack ever recorded. Until now. While investigating the first breach, Yahoo discovered a second, much larger breach, during which thieves stole data from 1 billion user accounts. The attack initially took place back in August 2013 and used an aging algorithm known as MD5 to access information such as user names, email addresses, telephone numbers, birth dates, and hashed passwords.
An attack of this magnitude only amplifies the need for a layered security approach that incorporates network, firewall, email and endpoint security. “This is going to help people understand that you just can’t get away with only one single solution. You have to have layered security, with multiple layers in hopes of stopping attacks,” said Sam Heard, president of Data Integrity Services in a recent CRN interview on the breach.
Following Yahoo’s September announcement, WatchGuard CTO Corey Nachreiner offered a few security best practices for concerned Yahoo users. Anyone worried about the safety of their private data after an announcement like this should be hypervigilant for spear phishing emails, reevaluate their account passwords and change their security questions.
You can read more about Yahoo’s latest data breach announcement at CRN.