sb-as logo
Story image

Yahoo data breach: Gemalto, Digital Shadows and TeleSign experts chime in

28 Sep 2016

As the Yahoo data breach continues to sort itself out, some big names in IT are speaking out about the entire ordeal. Gemalto, TeleSign and Digital Shadows have all released content surrounding the breach, showing that while it may be the biggest in history, it's not that uncommon and protection is seriously advised.

Gemalto's Andrew Gertz published a blog that analysed the sheer scale of data breaches over 2014. Including Yahoo, the overall breached account statistics in 2014 reached 1.5 billion compromised accounts.

Gemalto called it 'the year of mega breaches', and believes that the Yahoo breach is a record-setter. With 500 million accounts breached, it far exceeds MySpace's 427 million account breach, AliExpress's 300 million breach and Adobe's 152 million account breach.

Gemalto points out that Yahoo is selling off its internet and email assets to Verizon and it's not clear how the latest breach will impact the sale.

Michael Marriott, Digital Shadows security expert, believes that when analysing breach severity, there are six factors that should be considered: recoverable passwords, data sensitivity, dataset freshness, dataset transferability, data accuracy size and whether the data is from a public or private source.

Marriott says that while these factors are useful in and of themselves, they are better used when compared to other data breaches. Data from a private source is more valuable, and not all factors are equally weighted.

TeleSign, a mobile security provider, issued a statement showing that one company report showed 69% of security professionals believe usernames and passwords alone no longer provide sufficient security, yet 73% of online accounts are guarded by duplicate passwords.

On the consumer security side, 54% of consumers use five or fewer online passwords in their entire online life, and 47% rely on a password that hasn't been changed for five years.

Ryan Disraeli, TeleSign co-founder and vice president, says, "It is an unfortunate but true fact that mega breaches such as this are the new normal. As the world accepts this premise, it becomes that much more critical for people to turn on additional account security measures such as two-factor authentication (2FA). Once hackers have your user name and password from one account, it’s a quick step to accessing all the accounts you use those same credentials for."

"2FA is essential in mitigating the damage from breaches such as this. Emerging technologies, such as behavioral biometrics, will bring behind the scenes authentication, requiring less input from consumers, but until then consumers must wake up to the risk and use the available tools to protect their digital lives," Disraeli concludes.

Meanwhile in New Zealand, Spark has advised Yahoo Xtra customers to change their passwords and the Privacy Commissioner is monitoring breach progress.

Story image
The three-pronged security approach that confronts security breaches head-on
Having these three processes working in tandem is key to cushioning the blow of a breach - which, if insufficiently protected, can take on average 279 days to contain and costs an average of almost US$4 million.More
Story image
Protegrity rolls out updates to data protection platform
Protegrity has updated its Protegrity Data Protection Platform to better secure sensitive data in hybrid-cloud, multi-cloud and SaaS environments.More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Story image
Video: 10 Minute IT Jams - SonicWall VP discusses the importance of endpoint security
In this video, Dmitriy discusses the exposure points and new risks that come as a result of widespread flexible working arrangements, how organisations should secure their massively distributed networks, and how SonicWall's Boundless Cybersecurity model can solve these issues.More
Story image
How to address cyber-threats as a strategic risk
Becoming a cyber-secure organisation in the face of an evolving threat landscape requires a strategic, business-focused approach to security as opposed to a tactical approach in which security is addressed simply by implementing new tools.More
Story image
Surfshark rolls out WireGuard open source VPN protocol
When there is less code in a VPN, it is less susceptible to security vulnerabilities due to easier configuration and management, according to Surfshark.More