After an investigation, Yahoo has confirmed that a data breach that occurred in 2013 affected all of its three billion user accounts. The breach was disclosed in December 2016 and Yahoo acknowledged that more than one billion accounts had likely been affected. Yahoo took action to protect all accounts, requiring all users to change their passwords and making unencrypted security questions invalid.
In a statement issued on 3 October, the extent of the hack was revealed by Oath, Yahoo’s Verizon-owned parent company.
The statement confirmed: “The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information. The company is continuing to work closely with law enforcement.”
Chandra McMahon, Verizon’s chief information security officer, added: “Verizon is committed to the highest standards of accountability and transparency, and we proactively work to ensure the safety and security of our users and networks in an evolving landscape of online threats. Our investment in Yahoo is allowing that team to continue to take significant steps to enhance their security, as well as benefit from Verizon’s experience and resources.”
Protect yourself from attacks
In response to the growing concern over ransomware and malware, IT Governance now provides a scalable solution for staff awareness training. Our Phishing and Ransomware – Human patch e-learning course explains the threats that ransomware presents to organisations, and gives details of the resources available to help you understand and combat those threats. This ten-minute course provides an introduction to phishing and ransomware. We also offer a more detailed Phishing Staff Awareness Course.
Our three-day Cyber Health Check is ideal for large organisations. This includes on-site consultancy and audit, remote vulnerability assessments and an online staff survey in order to assess your cyber risk exposure and identify a practical route to minimise your risks. Receive a prioritised action plan for controlling your cyber risks in line with your risk appetite.
Visit our ransomware page to view all the services we offer to help your organisation combat threats.