Yahoo’s 2013 data breach affected three billion accounts, the company has now revealed.
It is yet another upward revision of the damage by Yahoo: the company initially announced that the credentials of 200 million users had appeared for sale online, and later admitted that half a billion accounts had been compromised. Its latest revelation is the result, the company says, of collaboration with independent forensic investigators.
There are a couple of silver linings here. One is that it can’t get any worse, since the three billion compromised accounts represent Yahoo’s entire account database. The other is that the breached data did not include passwords in their original form, or payment or bank account data, according to Yahoo (though there’s always a chance that this revelation, too, will later be revised for the worse).
With the company having disclosed in a May securities filing that it faced at least 41 class action lawsuits, news of the revised breach impact offers yet another stark reminder of the importance of data security – all the more so given news of the recent Equifax data breach. Recently announced research from Gemalto indicates that data breaches increased substantially between 2016 and 2017. Yahoo, at least, encrypted its data, albeit in an easy-to-decipher fashion, as Reuters reports.
Yahoo had also announced a biometric authentication feature for the Android version of Yahoo Mail just days after its first revision of its data breach reporting, which was obviously too little, too late for the company, but points toward a better understanding of how to protect user data going forward.
October 4, 2017 – by Alex Perala