Yahoo has been at the receiving end of probably the two largest recorded successful hacking attempts in the internet's history. While owners of Yahoo accounts were quite miffed with the company after it revealed that 500 million accounts were hacked two years ago, imagine their mood today once they learn that an even bigger hack was orchestrated on Yahoo's e-mail server three years ago!
The startling fact is that in both cases, Yahoo came to know about them only after they were highlighted by security experts. A number of experts previously wondered why Yahoo took two years to catch such a major data theft. The 2014 hack compromised private information like names, e-mail addresses, telephone numbers, dates of birth and hashed passwords of 500 million users. As it turns out, it was much worse the year before.
As reported by Bloomberg, among the one billion users compromised in 2013 were around 150,000 U.S. government and military employees, including FBI agents, NSA agents, White House staff, congressmen, CIA staff, the Director of National Intelligence's office, a number of diplomats posted abroad, the chief of an Air Force intelligence group and a network administrator at NSA's Fort Meade headquarters. Also compromised were a number of U.S. military branches as well as an FBI division chief. The fact that these people and offices were compromised was first spotted by security expert Andrew Komarov, who turned the information over to the government, which in turn informed Yahoo.
If your account was part of the hack, there's very little you can do about it now since it happened three years ago. Komarov discovered that the hack was orchestrated by a group of Eastern European hackers who tried to sell the captured data to spammers and third parties for $300,000. Those who buy such data use your private information, like calendar events, e-mail addresses, location and travel plans which you may have discussed in your e-mails.
"The Yahoo hack makes cyber espionage extremely efficient. Personal information and contacts, e-mail messages, objects of interest, calendars and travel plans are key elements for intelligence gathering in the right hands. The difference of Yahoo hack between any other hack is that it may really destroy your privacy, and potentially have already destroyed it several years ago without your knowledge," Komarov told Bloomberg.
Aside from revealing that the massive hack occurred three years ago, Yahoo has also said that it has taken steps to secure user accounts and that it is working closely with law enforcement. The company hasn't elaborated on the steps taken, nor has it revealed why the hacks occurred in the first place. Questions can be asked about Yahoo's encryption practices and how serious the company is about respecting and protecting more than a billion users' privacy. The fact that hackers were able to steal a billion accounts in 2013 emboldened them to perform a similar strike the following year, and it is yet to be ascertained if these two hacks were the only ones that took place in recent years.
For existing Yahoo users, it would thus be prudent to shut down their e-mail addresses and go for other e-mail services which have a better record of encryption practices and have not been vulnerable to hacking attempts in the past. Google's Gmail service is protected by strong encryption, and Google has also introduced new tools that add muscle to two-factor authentication, let customers add their own encryption keys to Google Cloud, cut down spam and handle the volume of email through its Postmaster tool. Google also introduced a Data Loss Prevention tool last year which prevents sensitive and confidential data from getting leaked through email.
The Data Loss Prevention tool scans emails as well as attachments like documents, presentations and Excel files for keywords that are predefined in the tool. Once the tool finds a match with sensitive or confidential information, it will take action. This way, you will now be completely sure that your employees will not, deliberately or inadvertently, be able to pass on confidential data to vendors or third parties through email.