Story image

Yahoo data breach: Gemalto, Digital Shadows and TeleSign experts chime in

28 Sep 2016

As the Yahoo data breach continues to sort itself out, some big names in IT are speaking out about the entire ordeal. Gemalto, TeleSign and Digital Shadows have all released content surrounding the breach, showing that while it may be the biggest in history, it's not that uncommon and protection is seriously advised.

Gemalto's Andrew Gertz published a blog that analysed the sheer scale of data breaches over 2014. Including Yahoo, the overall breached account statistics in 2014 reached 1.5 billion compromised accounts.

Gemalto called it 'the year of mega breaches', and believes that the Yahoo breach is a record-setter. With 500 million accounts breached, it far exceeds MySpace's 427 million account breach, AliExpress's 300 million breach and Adobe's 152 million account breach.

Gemalto points out that Yahoo is selling off its internet and email assets to Verizon and it's not clear how the latest breach will impact the sale.

Michael Marriott, Digital Shadows security expert, believes that when analysing breach severity, there are six factors that should be considered: recoverable passwords, data sensitivity, dataset freshness, dataset transferability, data accuracy size and whether the data is from a public or private source.

Marriott says that while these factors are useful in and of themselves, they are better used when compared to other data breaches. Data from a private source is more valuable, and not all factors are equally weighted.

TeleSign, a mobile security provider, issued a statement showing that one company report showed 69% of security professionals believe usernames and passwords alone no longer provide sufficient security, yet 73% of online accounts are guarded by duplicate passwords.

On the consumer security side, 54% of consumers use five or fewer online passwords in their entire online life, and 47% rely on a password that hasn't been changed for five years.

Ryan Disraeli, TeleSign co-founder and vice president, says, "It is an unfortunate but true fact that mega breaches such as this are the new normal. As the world accepts this premise, it becomes that much more critical for people to turn on additional account security measures such as two-factor authentication (2FA). Once hackers have your user name and password from one account, it’s a quick step to accessing all the accounts you use those same credentials for."

"2FA is essential in mitigating the damage from breaches such as this. Emerging technologies, such as behavioral biometrics, will bring behind the scenes authentication, requiring less input from consumers, but until then consumers must wake up to the risk and use the available tools to protect their digital lives," Disraeli concludes.

Meanwhile in New Zealand, Spark has advised Yahoo Xtra customers to change their passwords and the Privacy Commissioner is monitoring breach progress.

Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.