Security experts: ‘No one should have faith in Yahoo at this point’
Experts have attacked Yahoo’s weak security after the revelation it suffered a hack in 2013, which exposed the personal data of 1 billion users, just months after revealing a 500-million-user data breach from 2014.
The hack saw the potential theft of login details, personal details and any confidential or sensitive information contained within email correspondences. Yahoo provided the email services for BT and Sky customers, as well as other services.
Bruce Schneier, a cryptologist and one of the world’s most respected security experts, said: “Yahoo badly screwed up. They weren’t taking security seriously and that’s now very clear. I would have trouble trusting Yahoo going forward.”
Not only did Yahoo fail to prevent the breach, it also failed to detect the breach when it happened in 2013, only realising the intrusion and data theft after recently being notified by a third party. That left users unknowingly compromised for at least three years, vulnerable to identity theft among many other potential criminal uses of their personal data and passwords.
John Madelin, CEO at RelianceACSN and a former vice president responsible for the Verizon Data Breach Investigations Report, said: “We thought the previous breach of 500 million user accounts was huge, but 1 billion is monumental.”
Tyler Moffitt, senior threat research analyst at Webroot, said: “All of the data stolen, including emails, passwords and security questions, make a potent package for identity theft. The main email account has links to other online logins and the average user likely has password overlap with multiple accounts.”
Moffitt takes little comfort from Yahoo’s efforts to secure user accounts. He said: “These accounts have been compromised for years and the sheer number of them means they have already been a large source of identity theft. No one should have faith in Yahoo at this point.”
Failing to prevent a breach is just one aspect of Yahoo’s fiasco. Given the sheer number of user accounts and the volume of data each one contained, data security was crucial. Unfortunately, Yahoo’s disregard for the safety of user data led to the use of outdated security techniques.