Don't put your head in the sand with Yahoo!

Let’s talk about the massive Yahoo! data breach hitting the headlines. The short story is that over 500 million Yahoo! records containing names, email addresses, birth dates, security questions and other private data were dumped on the internet over four months ago, and Yahoo! have only disclosed it now.

Not only that, but according to reports, upper management didn’t take their security problem seriously. They had their heads in the sand.

Former Yahoo information security head Alex Stamos tried aggressively to get management to act more strongly at the time, but he had not been successful.
Recode

Clearly, they’ll be dealing with a world of hurt right now, scrambling to improve security and somehow repair a tarnished brand.

But where does this leave you? 500M people is a lot, so in my view you’re likely to be in one or both of the following situations:

  1. You’re a Yahoo! account holder or user of other Yahoo! services like Flickr. In this case you want to go and update your passwords right now, and bear in mind that a new password does nothing about the security questions that were in the dump, so change those answers too and turn on two-factor authentication where it’s offered. If you happen to be one of the many millions suffering from “password re-use syndrome” then you better start changing passwords for your bank and all those other places you’re now exposed.
  2. You run a web or mobile app, software-as-a-service product, or any other form of software that allows people to sign in with their email address. Chances are many of your users have just had their details dumped online. It’s only a matter of time before someone uses them to access your kingdom.


Detecting compromised accounts

If you’re in the latter group, then you need to think seriously about your response. Sure, sales and revenue might always trump security, but shit is starting to get real out there! For many businesses, a lack of focus on security is going to bite them in the ass.

For a long time now the default response has been to blame the user if their account gets breached. With the availability of new technology to detect breaches, contain threats, and assist users in protecting their accounts, the onus is shifting back to the app or service provider.
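To make that concrete, here is an added example (not code from the original post, and not any vendor’s product) of what “detect and contain” looks like in practice for a service that lets people sign in with an email address. It does two things: spots credential stuffing in authentication logs (one source walking through many different accounts in a short window, which is how a dumped credential list gets used against you) and picks the accounts to force through a password reset, either because a login from a stuffing source succeeded or because the address turns up in a breach dump. The log format, the thresholds, the user list and the breach list are all constructed for the example.

```python
"""Detect credential stuffing in auth logs and choose accounts to force a reset on.

Added example. The log format, thresholds, user table and breach list below are
constructed assumptions for illustration, not real traffic or real dump data.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not real traffic). One source tries six different
# accounts in six seconds and gets one right; one user retries their own account
# once from elsewhere; one ordinary login happens later.
SAMPLE_LOG = """\
2016-09-23T10:00:01Z ip=203.0.113.7 user=alice@example.com result=fail
2016-09-23T10:00:02Z ip=203.0.113.7 user=bob@example.com result=fail
2016-09-23T10:00:03Z ip=203.0.113.7 user=carol@example.com result=fail
2016-09-23T10:00:04Z ip=203.0.113.7 user=dave@example.com result=success
2016-09-23T10:00:05Z ip=203.0.113.7 user=erin@example.com result=fail
2016-09-23T10:00:06Z ip=203.0.113.7 user=frank@example.com result=fail
2016-09-23T10:05:00Z ip=198.51.100.4 user=alice@example.com result=fail
2016-09-23T10:05:30Z ip=198.51.100.4 user=alice@example.com result=success
2016-09-23T12:00:00Z ip=192.0.2.9 user=grace@example.com result=success
"""

# Constructed user table for the service and a constructed list of addresses
# seen in a breach dump (hypothetical). Only addresses are compared, never passwords.
USERS = ["alice@example.com", "bob@example.com", "carol@example.com",
         "dave@example.com", "erin@example.com", "frank@example.com",
         "grace@example.com"]
BREACHED_EMAILS = {"bob@example.com", "Grace@Example.com", "mallory@example.com"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\w+)$")


def parse_log(text):
    """Parse the constructed log lines into dicts, sorted by time; skip non-matching lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
            "ip": m.group("ip"),
            "user": m.group("user").lower(),
            "result": m.group("result"),
        })
    events.sort(key=lambda e: e["ts"])
    return events


def stuffing_sources(events, window=timedelta(minutes=5), min_distinct_users=5):
    """Return the IPs that tried at least min_distinct_users different accounts within window.

    A user fat-fingering a password retries one account; a bot replaying a dump walks
    through many accounts, so the count of distinct users per source is the signal.
    Thresholds are assumptions and need tuning for shared or NAT'd addresses.
    """
    per_ip = defaultdict(list)
    for e in events:
        per_ip[e["ip"]].append(e)
    flagged = set()
    for ip, evs in per_ip.items():
        recent = deque()  # sliding window of this source's attempts
        for e in evs:
            recent.append(e)
            while e["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            if len({x["user"] for x in recent}) >= min_distinct_users:
                flagged.add(ip)
                break
    return flagged


def accounts_to_reset(events, users, breached_emails, **thresholds):
    """Map each account needing a forced reset to the set of reasons for it.

    'stuffing_success': a login from a flagged source succeeded, so the attacker
        already has a working credential; contain it now.
    'in_breach_dump': the address is in the dump, so a reused password exposes the
        account; reset it and prompt the user to enable two-factor authentication.
    """
    bad_ips = stuffing_sources(events, **thresholds)
    breached = {a.lower() for a in breached_emails}
    reasons = defaultdict(set)
    for e in events:
        if e["result"] == "success" and e["ip"] in bad_ips:
            reasons[e["user"]].add("stuffing_success")
    for u in users:
        if u.lower() in breached:
            reasons[u.lower()].add("in_breach_dump")
    return dict(reasons)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("stuffing sources:", stuffing_sources(evs))
    for account, why in sorted(accounts_to_reset(evs, USERS, BREACHED_EMAILS).items()):
        print(account, sorted(why))
```

On the sample data the only stuffing source is 203.0.113.7, dave@example.com gets a reset because that source logged in as him, and bob@example.com and grace@example.com get one because their addresses appear in the dump (matching is case-insensitive, since dumps are rarely normalised). Note what the check deliberately does not do: it never compares your users’ passwords against the dump. Matching on email alone is enough to justify a reset, and handling the dumped secrets themselves is a liability you don’t want.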

Power to the people – or the ones with the biggest social following. If one of your users has their account compromised, data stolen, or maliciously fiddled with then pushing the blame back on them could cost you dearly. Think of the PR nightmare and brand damage you get from just a single incident when the affected user takes to social media over their disappointment in your security precautions.

Act now

Every time another big breach happens a few more businesses wake up and start to make moves in the right direction. This is great news, as there is a groundswell of companies starting to take security to the next level by prioritising the protection of their users and, most importantly, their brand.