Advice for Solution Providers After Massive Yahoo Breach

Written by James Anderson
December 15, 2016

Yahoo reported that hackers stole data from more than 1 billion of its user accounts.

Yahoo says hackers have stolen data from more than 1 billion of its user accounts.

The information giant announced Wednesday that forensic experts finished analyzing stolen data provided by law enforcement. Yahoo concluded that the data belonged to Yahoo accounts before an “unauthorized third party” stole it in August 2013.

Frost & Sullivan's Michael Suby It bears repeating that the number of hacked accounts is more than 1 billion.

“For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” the company wrote. “The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.”

The company said the hack was most likely separate from the attack that it disclosed on Sept. 22. Yahoo said at the time that user information from about 500 million accounts had been stolen what it called a “state-sponsored actor.”

Yahoo has been encouraging users to reset their passwords and be on the lookout for phishing emails.{ad}

Michael Suby, Frost & Sullivan’s Stratecast vice president of research, outlined for us strategies that businesses and their solution providers can take to mitigate the related risk.

“They, businesses, should take steps now to have, at minimum, their Yahoo-affected employees change their business passwords if there was reuse of the Yahoo password. Second, they should take this occasion to emphasize to their employees that passwords should be complex (“unguessable”), unique for each system/application, and periodically changed. Separately, with or without a managed-security services provider, they should be monitoring employees’ system and application access to detect abnormal behaviors and assess user’s access permissions, particularly for those with privileged access (e.g., system administrators) and narrow permissions, down to ‘least privileged,’” he said.

The security experts at Sophos also weighed in with best-practices guidance for partners and IT managers.

“While the Yahoo data breach impacts consumers, it is important to note that businesses of all sizes are vulnerable to data breaches and the best defense is an integrated, layered security approach,” said Erin Malone, Sophos VP of sales in North America. “Data theft processes evolve quickly, and businesses need to keep up with their security. Right now, partners have an opportunity to be a trusted advisor in offering a complete end-to-end security solution to stop advanced threats from getting in a customer environment in the first place. Partners should also consider solutions that have extensive reporting and analytics capabilities that allow customers the ability to quickly diagnose incidents when they do occur.”