In late September of 2016, Yahoo! announced a massive security breach whereby hackers stole information from around half of their one billion users. The catch? The security breach occurred in 2014.
Data from the Ponemon Institute shows that the average time it typically takes for companies to identify a breach is 191 days. It then takes, on average, 58 days to contain and resolve a breach. So how did a major email provider like Yahoo! let a security breach of this magnitude occur and consequently go unnoticed for two years? So far, there are no insights into how this happened.
The worst part about this particular breach is the far-reaching effects it may potentially have on Yahoo! users’ privacy. When The New York Times interviewed Alex Holden of Hold Security about this, he explained, “The stolen Yahoo! data is critical because it not only leads to a single system but to users’ connections to their banks, social media profiles, other financial services and users’ friends and family.” That’s true of all email hacks.
Here’s the deal: over 180 billion email messages are sent out every day. They come from Yahoo!, Gmail, Outlook, and other email providers — each of whom has its own method for encrypting email. It’s clear enough from this recent attack that it’s not enough to rely on providers’ encryption methods. As a user, you’ve got to take responsibility for your own email security and privacy.
If you want to stop waiting to be the victim, check out the infographic below to find out how you can fight back.
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
- Blog2022.10.12Vulnerability management with Wazuh open source XDR
- Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
- Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky
View all comments