Story image

Yahoo data breach: Gemalto, Digital Shadows and TeleSign experts chime in

28 Sep 16

As the Yahoo data breach continues to sort itself out, some big names in IT are speaking out about the entire ordeal. Gemalto, TeleSign and Digital Shadows have all released content surrounding the breach, showing that while it may be the biggest in history, it's not that uncommon and protection is seriously advised.

Gemalto's Andrew Gertz published a blog that analysed the sheer scale of data breaches over 2014. Including Yahoo, the overall breached account statistics in 2014 reached 1.5 billion compromised accounts.

Gemalto called it 'the year of mega breaches', and believes that the Yahoo breach is a record-setter. With 500 million accounts breached, it far exceeds MySpace's 427 million account breach, AliExpress's 300 million breach and Adobe's 152 million account breach.

Gemalto points out that Yahoo is selling off its internet and email assets to Verizon and it's not clear how the latest breach will impact the sale.

Michael Marriott, Digital Shadows security expert, believes that when analysing breach severity, there are six factors that should be considered: recoverable passwords, data sensitivity, dataset freshness, dataset transferability, data accuracy size and whether the data is from a public or private source.

Marriott says that while these factors are useful in and of themselves, they are better used when compared to other data breaches. Data from a private source is more valuable, and not all factors are equally weighted.

TeleSign, a mobile security provider, issued a statement showing that one company report showed 69% of security professionals believe usernames and passwords alone no longer provide sufficient security, yet 73% of online accounts are guarded by duplicate passwords.

On the consumer security side, 54% of consumers use five or fewer online passwords in their entire online life, and 47% rely on a password that hasn't been changed for five years.

Ryan Disraeli, TeleSign co-founder and vice president, says, "It is an unfortunate but true fact that mega breaches such as this are the new normal. As the world accepts this premise, it becomes that much more critical for people to turn on additional account security measures such as two-factor authentication (2FA). Once hackers have your user name and password from one account, it’s a quick step to accessing all the accounts you use those same credentials for."

"2FA is essential in mitigating the damage from breaches such as this. Emerging technologies, such as behavioral biometrics, will bring behind the scenes authentication, requiring less input from consumers, but until then consumers must wake up to the risk and use the available tools to protect their digital lives," Disraeli concludes.

Meanwhile in New Zealand, Spark has advised Yahoo Xtra customers to change their passwords and the Privacy Commissioner is monitoring breach progress.

NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."
How IoT and hybrid cloud will change in 2019
"Traditional VPN software solutions are obsolete for the new IT reality of hybrid and multi-cloud."
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
GCSB's CORTEX project scoops iSANZ Award
“I believe this award is particularly significant as it is acknowledgement from our peers in the information security industry and from across the private sector."
NZ firms lack cybersecurity confidence, HP survey says
Out of 434 of New Zealand’s small and large businesses, only half (50%) feel confident that they would be able to cope if they experienced a significant cybersecurity breach.
SonicWall secures hybrid clouds by simplifying firewall deployment
Once new products are brought online in remote locations, administrators can manage local and distributed networks.