Yahoo’s
latest communique has firmly cemented its position as one of the most
untrustworthy data management/transferal outfits.
According
to a statement released by Bob Lord, Yahoo’s CISO, a recent
investigation discovered another embarrassing breach that dwarfs the
previous shameless record breach of 500 million users, also
held by Yahoo.
Lord’s
statement claims that the company was approached by law enforcement
in November 2016 with data that Yahoo analysts assessed and found
contains information on Yahoo user data. Lord states that the data
had been given to the unnamed law enforcement agency by an (unnamed)
‘third party’.
To
add to the overall atmosphere of incompetence that now surrounds Yahoo
the company also admits that their proprietary code has been
compromised and has been used to forge web security cookies.
The
data in question is believed to have been stolen in August 2013 by
an ‘unauthorized third party’.
Lord’s
blog posting puts the number of affected accounts at over one
billion, double the previous record.
As
of the time of writing the method of intrusion is unknown.
These
latest revelations are yet another brick in Yahoo’s extensive house
of security issues:
Yahoo
claim to be in the process of communicating their failure(s) with
their users. In the meantime they recommend:
Change
your passwords and security questions and answers for any other
accounts on which you used the same or similar information used for
your Yahoo account;
-
Review all of your accounts for suspicious activity;
-
Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information;
-
Avoid clicking on links or downloading attachments from suspicious emails; and
-
Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.
Afritechnet
has one additional piece of advice:
Bob
Lord’s blog posting in its entirety:
https://yahoo.tumblr.com/post/154479236569/important-security-information-for-yahoo-users
0 comments:
Post a Comment