The Biggest Hack of User Data Just Got Bigger
The biggest known hack of user data has just gotten bigger, but the hack itself is not new.
Ten months after Yahoo’s disclosure that a billion of its users’ accounts had been compromised, Yahoo revealed the incident actually exposed every Yahoo account that existed at the time – a cool three billion. That is three times what had been the largest known hack of user data.
“It looked to us when we originally read all the information that [the breach] must have impacted all the accounts,” says Jeremiah Grossman, who worked as an information security officer at Yahoo for two years in the early 2000s. The attackers “got so deep in the system, I couldn’t imagine why certain accounts would have been affected and not others.”
In a practical sense, this does not change much. Now if you had a Yahoo account, there is no doubt you were impacted, but you probably already took the appropriate steps since the breach was initially so huge. Yahoo took protective steps for all users last December such as resetting passwords and unencrypted security questions. Yahoo will also send emails to the additional affected accounts.
The small silver lining to the Yahoo breach is that no financial information was stolen, only names, email addresses, and passwords. With this kind of information, it is significantly easier to mitigate damage; changing your login information can largely protect you. More sensitive information like what was leaked in the Equifax breach can have a much larger negative impact since it is more difficult to change and easier to monetize.
This disclosure comes months after Yahoo’s recent acquisition by Verizon and merger with AOL in June. This acquisition was thrown into some doubt after Yahoo’s security breach disclosure last December. It only moved forward after a $350 million price cut and an added requirement that Yahoo split the cost of any legal liabilities resulting from the breaches.
The increased reach of the Yahoo breach is about as big as it gets. Only breaches at companies like Google or Facebook could be on par with a breach of this scale. Even then, the next mega-breach would not be orders of magnitude bigger, according to Grossman.