Better Late Than Never? Yahoo Reveals 500 Million Affected From 2014 Hack

McGuireWoods LLP

Quick to blame a state-sponsored organization, Yahoo announced that at least 500 million of its account holders had their information stolen – in 2014.

A statement released on September 22, 2016, by Yahoo’s Chief Information Security Officer, Bob Lord, says that the hackers likely have “names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.” Yahoo says that the “on-going” investigation suggests no payment card data or bank account information was stolen. Nevertheless, it advises users to monitor their accounts for suspicious activity.

At this point, Yahoo has revealed very little about the investigation. But its statement did say that there is “no evidence that the state-sponsored actor is currently in Yahoo’s network.”

What the statement noticeably does not say is why it took Yahoo so long to disclose the hack. In August, cybercriminal “Peace” claimed to have account information for over 200 million Yahoo users. At the time, Yahoo confirmed it was aware of the claim, but it was unclear if it was legitimate, and Yahoo made no statement regarding the security of user information. This raises the question: when did Yahoo become aware of the hack?

As the investigation continues, Yahoo will be held accountable to answer that question as well as several others. And while it has barely been 24 hours since the announcement, there are takeaways from Yahoo’s breach. First, any business with sensitive information must always think defensively. Assume your network is constantly under attack and prepare accordingly. Otherwise, be ready to explain to shareholders and customers why your network was compromised. Second, routinely monitor your network – just because you did not detect the breach does not mean the breach did not occur. In other words, don’t wait for a cybercriminal on the dark web to start selling sensitive information stolen from your network before you secure your network.

And lastly, do not become complacent with your security. From low-end hackers to state-sponsored organizations, criminals are constantly crafting new ways to steal data, so your network must be equipped to handle the attacks. Because whether we like it or not, data breaches are here to stay – just ask Yahoo and about 500 million users.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McGuireWoods LLP | Attorney Advertising
