The Yahoo Data Breach is About More Than Just Your Yahoo Account.
In 2014, 500 million yahoo accounts were hacked into and information stolen. Unfortunately the breach wasn’t reported until the fall of 2016, the company reported that a state sponsored reporter was one that was behind the attack. The information was vital and included, dates of birth, mobile numbers, names, and even email addresses. Unfortunately more and more information is coming out still nearly 5 months after the announcement and over 2 years after the breach.
At the start of August 2016, claims emerged that a hacker by the name ‘Peace’ was out trying to sell the information of yahoo account users on the dark web- which is known as a black market that is responsible for harboring thousands of websites that are secret.
In these modern times when most people are accustomed to internet breaches, the size of this hacking is massive and has grabbed the attention of many. What is shocking is that there is a possibility that there is a country that is behind all these problems and that adds another level of shock to the mess.
Yahoo advises that all the users that haven’t changed their passwords since 2014 are endangered and should change them immediately. The company has tried to ensure that it has reported or notified its affected users to take the necessary steps to secure their accounts and ensure that they have changed their passwords. This security breach is a massive one and even those users that even don’t have yahoo accounts but operate others accounts are also affected.
These hackers can do more than you think with this data. That is why experts also recommend that account holders should change all their passwords and security questions and answers for all the accounts that they use similar information as the one that is contained in their yahoo account.
You are also warned not to click on links or even download any email attachments that seem to be suspicious on being updates from yahoo about the breach. What hackers do is that they use news of big breaches so that they are able to conduct some ‘phishing’ campaigns. If you get any communication that is demanding your personal information, you need to take care and caution before doing anything with it.
I know that most account holders think that there Yahoo account does not have much information (if any) that might be useful to hackers as it includes only their email and password. Unfortunately these simple details stolen from Yahoo provides a lot of important information that will give multiple uses to special hackers.
Let’s start off with the password. It has been reported by a survey done by Gartner that 50% of most users reuse their passwords across other major online platforms. That means that when the hackers are armed with such information, then they will have powers to access multiple other accounts online.
The technique that is used here is called ‘credential stuffing’ and has become an epidemic that has spread like a bush fire over the past year. What the bad guys strive to get is a list of IDs and passwords and then sits down and tests all of them day in and out at all the sites that they want to attack so that they are able to see where they work.
Once the hackers have an access to the accounts that they want, then they are able to assemble dossiers on individuals. Technologically, these are called ‘Fullz’ and include much information about the person that is in question. What is funny about these hackers is that they not only use these information to attack credit cards and even bank accounts, but it gives them security as they will be not easily traced by anyone out there.
The information that the hackers have is worth a lot of money on the black market. For instance they can get loyalty points at hotels and airlines, avatars and even points from online games. Once the information has been accessed, then it can be siphoned off, put together and then resold on the black market.