As Verizon was in the process of closing the $4.83 billion deal to acquire Yahoo, news hit about the largest data breach ever. Rumors were swirling that Verizon might pull out of the deal, but now comes word that they have agreed to a price cut of $250 to $350 million. In addition, it has been reported that Yahoo will share the costs and damages in any litigation resulting from the breaches it has experienced.
To make matters worse, Yahoo may have been breached a third time! This latest hack occurred between 2015 and 2016 using what Yahoo said was a forged cookie to gain access. Hackers were able to break into Yahoo’s internal servers, steal software, and then create these cookies to access user accounts even without a password. Yahoo believes that the attacker was a ‘state actor’ and the company submitted an SEC filing in October 2016 about the ongoing investigation.
That’s three major breaches announced during an acquisition, and it will cost Yahoo hundreds of millions of dollars, not to mention the damage that has been done to its brand. One thing that has been hard to find is how many Yahoo users permanently closed their accounts and left the service after the announcements, and how many people have decided not to open new accounts.
With all this money on the line, it’s time for enterprises to determine if their crown jewels, such as Yahoo’s customer accounts, are vulnerable. Pathlock offers a solution for application security monitoring that uncovers anomalies in the access and queries made to a company’s Universal Database. This solution would have raised a red flag for Yahoo that unusual activities were taking place. It highlights the fact that network segmentation and firewalling aren’t sufficient security measures on their own. Continuous monitoring for atypical behaviors is also needed to provide the necessary indicators that a crown jewel asset is at risk.
Don’t wait for your company to make headlines about a breach. Contact Pathlock to learn how to protect your crown jewel assets.