Tech giant reveals data from hack two years ago
Yahoo admitted yesterday that data from 550m of its users was stolen during a cyber attack on the tech giant in 2014.
The stolen information included names, email addresses, hashed passwords and dates of birth among other data.
The tech giant, which is working with law enforcement to investigate the breach, hinted that the hack may have been “state sponsored”.
Jamie Graves Ph.D, co- founder and CEO of cyber security company, ZoneFox.com, thinks that it’s “staggering” that it took Yahoo over two years to disclose the facts about the breach.
“Yahoo, which was recently acquired by Verizon, has stunned the world by announcing what is thought to be the largest data-breach to-date. 500 million user records are thought to be have been lost, with at least 200m already confirmed for sale on the Dark Web.
“Yahoo claims that it was compromised be a nation state, which means that a hacking team with the resources of a government had penetrated their defences. This type of attack is often difficult to defend against, and a number of other well defended organisations have fallen victim to this type of attack.
“Although the size of the breach is staggering, what has stunned the industry most is the fact that it has taken Yahoo 2 years to disclose. In this time, a great deal of additional harm will have occurred to the comprised accounts ranging from account hijacking through to identity theft and fraud.
“The Yahoo attack highlights the reason why good detection capabilities, aligned with laws that force this form of disclosure in a short period, such as the GDPR, are crucial to help protect personal information. Furthermore, organisations must not only have rigorous Cyber Security measures in place but also a disaster recovery plan to respond immediately to a breach if the, sometimes, inevitable occurs.”