The 500 Million Yahoo Record Breach Is Now Small Potatoes

Pathlock
December 15, 2016

Oops… they did it again… Yahoo just announced that it uncovered a breach of more than one billion user accounts that occurred in August 2013. As everyone remembers, Yahoo reported a separate breach of 500 million user accounts back in September.

So what’s the financial impact of this latest breach? It could be $4.83 billion – the amount that Verizon was going to spend to buy Yahoo. And that’s not including any possible class action lawsuits and the erosion of their brand.

The latest breach is said to include names, email addresses, telephone numbers, dates of birth, hashed passwords, and even encrypted or unencrypted security questions and answers. But don’t think the hashed passwords are protected. They were hashed with an old algorithm that is now easy to crack.

When interviewed by The Guardian about this breach, Bruce Schneier, a cryptologist and one of the world’s most respected security experts, said: “Yahoo badly screwed up. They weren’t taking security seriously and that’s now very clear. I would have trouble trusting Yahoo going forward.”

The Guardian also reported how this year’s list of hacks and data breaches points to a worrying trend. Hackers are no longer targeting corporate networks for gain, instead going after sensitive data hiding in plain sight within personal information and correspondence.

With billions on the line, it’s time for enterprises to determine if their crown jewels are vulnerable. Pathlock offers a solution for application security monitoring that uncovers anomalies in the access and queries made to a company’s Universal Database. This solution would have raised a red flag to Yahoo that unusual activities were taking place. It highlights the fact that network segmentation and firewalling aren’t sufficient security measures. Continuous monitoring for atypical behaviors is also needed to provide the necessary indicators that a crown jewel asset is at risk.

Don’t wait for your company to make headlines about a breach.
Contact Pathlock to learn how to protect your crown jewel assets.