Yahoo's 6th major account breach

Just prior to Christmas,  Yahoo was forced to admit that over a billion users had their account names, email addresses, telephone numbers, passwords, birth dates, and security questions and answers stolen during a massive hack in August 2013.  The admission comes hot on the heels of the companies earlier notification that 500 million accounts were similarly breached in September 2014.  

Why is that a problem?  Because the failure of the company to advise its clients of the hack left users vulnerable to hacking and fraud across a range of internet-based services where common passwords and security questions etc. were used. The hackers had two years to utilise the information they gained, putting users at risk of significant financial consequences. Immediate disclosure of the hack by Yahoo would have allowed users to immediately change their passwords etc. – including on other sites where the same details were used –  thereby greatly mitigiating the amount of damage the hackers could do with the information.Yahoo may legitimately not have known that their database had been hacked for some time, however they have been criticised for their handling of the event and the delay in reporting. We're sure some hard lessons have been learnt by Yahoo, especially given the drop in the company's share price following the disclosure.

The lesson for us to take out of this is to have a unique password for each internet-based platform that you use (online banking; email account providers such as Office 365 and gmail; online sellers such as ebay, Trademe, and Amazon; music providers such as Spotify and itunes; and financial and accounting software such a MYOB and Xero).

The 'Ohnyx Guide to Cyber Security' has advice on password management plus a range of vital tips on keeping your online identity and details safe. You can click here or on the orange link above to open the article.