sb-as logo
Story image

Yahoo data breach: Gemalto, Digital Shadows and TeleSign experts chime in

28 Sep 2016

As the Yahoo data breach continues to sort itself out, some big names in IT are speaking out about the entire ordeal. Gemalto, TeleSign and Digital Shadows have all released content surrounding the breach, showing that while it may be the biggest in history, it's not that uncommon and protection is seriously advised.

Gemalto's Andrew Gertz published a blog that analysed the sheer scale of data breaches over 2014. Including Yahoo, the overall breached account statistics in 2014 reached 1.5 billion compromised accounts.

Gemalto called it 'the year of mega breaches', and believes that the Yahoo breach is a record-setter. With 500 million accounts breached, it far exceeds MySpace's 427 million account breach, AliExpress's 300 million breach and Adobe's 152 million account breach.

Gemalto points out that Yahoo is selling off its internet and email assets to Verizon and it's not clear how the latest breach will impact the sale.

Michael Marriott, Digital Shadows security expert, believes that when analysing breach severity, there are six factors that should be considered: recoverable passwords, data sensitivity, dataset freshness, dataset transferability, data accuracy size and whether the data is from a public or private source.

Marriott says that while these factors are useful in and of themselves, they are better used when compared to other data breaches. Data from a private source is more valuable, and not all factors are equally weighted.

TeleSign, a mobile security provider, issued a statement showing that one company report showed 69% of security professionals believe usernames and passwords alone no longer provide sufficient security, yet 73% of online accounts are guarded by duplicate passwords.

On the consumer security side, 54% of consumers use five or fewer online passwords in their entire online life, and 47% rely on a password that hasn't been changed for five years.

Ryan Disraeli, TeleSign co-founder and vice president, says, "It is an unfortunate but true fact that mega breaches such as this are the new normal. As the world accepts this premise, it becomes that much more critical for people to turn on additional account security measures such as two-factor authentication (2FA). Once hackers have your user name and password from one account, it’s a quick step to accessing all the accounts you use those same credentials for."

"2FA is essential in mitigating the damage from breaches such as this. Emerging technologies, such as behavioral biometrics, will bring behind the scenes authentication, requiring less input from consumers, but until then consumers must wake up to the risk and use the available tools to protect their digital lives," Disraeli concludes.

Meanwhile in New Zealand, Spark has advised Yahoo Xtra customers to change their passwords and the Privacy Commissioner is monitoring breach progress.

Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Cybersecurity budgets still not keeping up with threats — report
Executive teams are failing to recognise the level of damage cyber-threats pose to organisations, according to Sophos — many of them taking a ‘conservative approach’ to cybersecurity expenditure.More
Link image
Virtual demo: Diagnose network cabling problems with the LinkIQ Cable+Network Tester
If you’re finding it difficult to install access points and cabling, or if you can’t pinpoint an issue with a video camera or end user, the LinkIQ Cable+Network Tester could be exactly what you need. Try a free, fully interactive demo now.More
Story image
Need for greater understanding of data security responsibility as cloud adoption grows - report
Despite the accelerated adoption of cloud services, there was a lack of clarity and confidence regarding the protection and recovery of data stored in public clouds.More
Story image
ABB and Nozomi Networks extend collaboration, deliver improved OT security solutions
"With Nozomi Networks solutions added to our cybersecurity portfolio, our customers gain proven network monitoring and threat detection technology."More
Story image
Video: 10 Minute IT Jams - Who is Okta?
Okta is an identity and access management company, specialising in secure user authentication. It's an enterprise-grade identity management service, built for the cloud, but compatible with many on-premises applications.More