If you’re concerned about information security, you’re well aware of the Yahoo breach. Although the breach occurred in late 2014, Yahoo and its users started feeling the ramifications in September.
The company confirmed that data from at least 500 million user accounts were stolen, including names, email addresses, telephone numbers, dates of birth and “hashed” passwords. This may be the largest cybersecurity breach ever and the company believes it may have been the result of a state-sponsored actor. But it may be even worse than previously thought!
According to Business Insider, a former Yahoo insider estimated that the breach could have resulted in the theft of an estimated 1 billion to 3 billion accounts based on his knowledge of the database that was accessed. As the insider stated in the article, “That is what got compromised. The core crown jewels of Yahoo customer credentials.”
Whoaa… as if that’s not bad enough, Verizon was in the process of acquiring Yahoo! Hit the brakes on that deal because of the theft of those crown jewel assets. On October 13th, Craig Silliman, Verizon’s general counsel, told reporters that the company has “a reasonable basis” to suspect that the breach could have a meaningful financial impact on the deal. It was suggested that Verizon may look to renegotiate the deal or back out altogether.
With billions on the line, it’s time for enterprises to determine if their crown jewels are vulnerable. Pathlock offers a solution for application security monitoring that uncovers anomalies in the access and queries made to a company’s Universal Database. This solution would have raised a red flag to Yahoo that unusual activities were taking place. It highlights the fact that network segmentation and firewalling aren’t sufficient enough security measures. Continuous monitoring for atypical behaviors is also needed to provide the necessary indicators that a crown jewel asset is at risk.
Don’t wait for your company to make headlines about a breach. Contact Pathlock to learn how to protect your crown jewel assets.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.