As the Yahoo data breach continues to sort itself out, some big names in IT are speaking out about the entire ordeal. Gemalto, TeleSign and Digital Shadows have all released content surrounding the breach, showing that while it may be the biggest in history, it's not that uncommon and protection is seriously advised.
Gemalto's Andrew Gertz published a blog that analysed the sheer scale of data breaches over 2014. Including Yahoo, the overall breached account statistics in 2014 reached 1.5 billion compromised accounts.
Gemalto called it 'the year of mega breaches', and believes that the Yahoo breach is a record-setter. With 500 million accounts breached, it far exceeds MySpace's 427 million account breach, AliExpress's 300 million breach and Adobe's 152 million account breach.
Gemalto points out that Yahoo is selling off its internet and email assets to Verizon and it's not clear how the latest breach will impact the sale.
Michael Marriott, Digital Shadows security expert, believes that when analysing breach severity, there are six factors that should be considered: recoverable passwords, data sensitivity, dataset freshness, dataset transferability, data accuracy size and whether the data is from a public or private source.
Marriott says that while these factors are useful in and of themselves, they are better used when compared to other data breaches. Data from a private source is more valuable, and not all factors are equally weighted.
TeleSign, a mobile security provider, issued a statement showing that one company report showed 69% of security professionals believe usernames and passwords alone no longer provide sufficient security, yet 73% of online accounts are guarded by duplicate passwords.
On the consumer security side, 54% of consumers use five or fewer online passwords in their entire online life, and 47% rely on a password that hasn't been changed for five years.
Ryan Disraeli, TeleSign co-founder and vice president, says, "It is an unfortunate but true fact that mega breaches such as this are the new normal. As the world accepts this premise, it becomes that much more critical for people to turn on additional account security measures such as two-factor authentication (2FA). Once hackers have your user name and password from one account, it’s a quick step to accessing all the accounts you use those same credentials for."
"2FA is essential in mitigating the damage from breaches such as this. Emerging technologies, such as behavioral biometrics, will bring behind the scenes authentication, requiring less input from consumers, but until then consumers must wake up to the risk and use the available tools to protect their digital lives," Disraeli concludes.
Meanwhile in New Zealand, Spark has advised Yahoo Xtra customers to change their passwords and the Privacy Commissioner is monitoring breach progress.