We’re really hoping that not all our hot topics will be about security breaches.
This one is too important to miss though. Yahoo! has recently announced that in August 2013 more than 1 BILLION user accounts were breached. Leaked information includes names, email addresses, telephone numbers, hashed passwords (using the weak, easy-to-crack MD5 algorithm), dates of birth, and in some cases, encrypted or unencrypted security questions and answers.
The most concerning parts of this breach are:
1. It’s taken Yahoo! over 3 years to tell us. They didn’t knowingly sit on this information for so long, but their intrusion detection systems didn’t pick this up and alert them in a timely manner. That’s our biggest reason for recommending that you close any Yahoo accounts. Yahoo have admitted that they have not been able to identify the intrusion associated with this data theft. Eeek.
2. Yahoo have said that hackers have accessed their proprietary source code. That’s the software they have built to run their systems. The hackers have used this information to create fake (forged) cookies that mimic your logged-in session without needing your password. Apart from this account security breach, if hackers have accessed Yahoo’s source code, we can’t be sure what else they have access to or what they will do.
In today’s online world, companies have a responsibility to react quickly to security breaches and fix security holes.
Given the nature of this breach, we have no faith in Yahoo’s ability to do this, and recommend that you close any Yahoo accounts.
In Australia, here are the instructions for closing your account (known as Yahoo7!): https://au.help.yahoo.com/kb/SLN2044.html