{"id":2004,"date":"2016-09-23T08:50:39","date_gmt":"2016-09-23T07:50:39","guid":{"rendered":"https:\/\/www.ofcourseimright.com\/?p=2004"},"modified":"2016-09-23T12:48:53","modified_gmt":"2016-09-23T11:48:53","slug":"the-yahoo-breach-what-it-means-to-you","status":"publish","type":"post","link":"https:\/\/ofcourseimright.com\/?p=2004","title":{"rendered":"The Yahoo! Breach:  What it means to you"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-2005\" src=\"https:\/\/www.ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/Yahoo-300x103.jpg\" alt=\"yahoo\" width=\"300\" height=\"103\" srcset=\"https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/Yahoo-300x103.jpg 300w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/Yahoo-768x263.jpg 768w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/Yahoo-1024x351.jpg 1024w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/Yahoo-1200x412.jpg 1200w, https:\/\/ofcourseimright.com\/blog\/wp-content\/uploads\/2016\/09\/Yahoo.jpg 1280w\" sizes=\"auto, (max-width: 300px) 85vw, 300px\" \/>Yesterday, <a href=\"https:\/\/www.yahoo.com\">Yahoo!<\/a> <a href=\"https:\/\/yahoo.tumblr.com\/post\/150781911849\/an-important-message-about-yahoo-user-security\">announced<\/a> that at least 500 million accounts have been breached.\u00a0 This means that information you gave Yahoo! may be in the hands of hackers, but it could also mean a lot more. 
The <a href=\"http:\/\/www.nytimes.com\">New York Times<\/a> has <a href=\"http:\/\/www.nytimes.com\/interactive\/2015\/07\/29\/technology\/personaltech\/what-parts-of-your-information-have-been-exposed-to-hackers-quiz.html?hp&amp;action=click&amp;pgtype=Homepage&amp;clickSource=story-heading&amp;module=first-column-region&amp;region=top-news&amp;WT.nav=top-news\">an excellent interactive tool<\/a> today that demonstrates how much of your information may have leaked, not just from Yahoo! but from other breaches.<\/p>\n<p>Not only should people change their Yahoo! passwords, but it is also important for people to review <strong>all<\/strong> passwords and information shared with Yahoo!\u00a0 In particular:<\/p>\n<ol>\n<li>Many people use the same password across multiple accounts.\u00a0 If you did this, you should change passwords on <strong>all<\/strong> systems where that password was used.\u00a0 When you do, you should see to it that no passwords are shared between two systems.<\/li>\n<li>Hackers are smart.\u00a0 If you only tweak the same password just a little bit for use on multiple systems, a determined hacker, or more likely a determined script, may well break into other accounts.\u00a0 For example, if your Yahoo! password was DogCatY! and your eBay password was DogCatEBay, you should assume the eBay account is broken as well.<\/li>\n<li>This means you should keep a <strong>secure<\/strong> record of what passwords are used where, for just this sort of eventuality.\u00a0 By \u201csecure\u201d I mean encrypted and local.\u00a0 Having two pristine USB keys (one for backup) is ideal, where the contents are encrypted at the application layer.\u00a0 I also make use of Firefox\u2019s password manager.\u00a0 That in itself is a risk, because if Firefox is hacked your passwords may be gone as well.<\/li>\n<li>Unfortunately, passwords may not be the only information hackers have. Yahoo! 
has previously made use of so-called \u201cbackup security questions\u201d.\u00a0 Not only is it important to disable those questions, but it is important to first review them to see where else you may have used them.\u00a0 Security questions are a horrible idea for many reasons: they may reveal private aspects of your life, much of which might be discovered anyway.\u00a0 Sites like United Airlines recently implemented security questions.\u00a0 My recommendation: choose random answers and record them in a secure place that is <strong>separate<\/strong> from your passwords.<\/li>\n<li>It is possible that hackers may have read any email you received on Yahoo!\u00a0 In particular, one should review any financial accounts where information is transmitted to Yahoo!<\/li>\n<li>Use of cloud-based storage as a backup for your passwords should be viewed with great suspicion.\u00a0 There have been a number of such tools that themselves have been found to be vulnerable.<\/li>\n<li>Hackers may have your cell phone number, for those who use SMS as secondary authentication.\u00a0 While SMS is not secure communication, the chances of it being hacked are relatively low.\u00a0 The safest practice is not to rely solely on SMS for authentication.\u00a0 My bank uses both a secret and an SMS message, relying on the tried and true two-factor authentication approach of something you have and something you know.\u00a0 A better solution is a secret and an app with a secure push notification.\u00a0 This is what MasterCard has done in Europe.<\/li>\n<\/ol>\n<p>These suggestions are good for the sort of mass breach that we are seeing with Yahoo!\u00a0 In addition, one has to be careful with the amount of trust placed in a cell phone.\u00a0 If the phone is lost, you should assume that hackers will be able to get into it.\u00a0 Keeping a record of the applications you use, particularly those that have financial or security implications, will help you recover from the loss.<\/p>\n<p>These 
suggestions are written with the notion that Yahoo! is not going to be the only site that will have had this problem.\u00a0 Although not to this scale, we\u2019ve seen this sort of thing before, and we will see it again.\u00a0 I&#8217;ll have more to say about this from an industry perspective in a while.<\/p>\n<p><small><br \/>\n<a href=\"https:\/\/commons.wikimedia.org\/w\/index.php?curid=3876515\">Yahoo<\/a> picture by <a class=\"external text\" href=\"http:\/\/flickr.com\/photos\/90237600@N00\" rel=\"nofollow\">Sebastian Bergmann<\/a> &#8211; originally posted to <a class=\"mw-redirect\" title=\"Flickr\" href=\"\/\/commons.wikimedia.org\/wiki\/Flickr\">Flickr<\/a> as <a class=\"external text\" href=\"http:\/\/flickr.com\/photos\/90237600@N00\/1565815136\" rel=\"nofollow\">Yahoo!<\/a>, <a title=\"Creative Commons Attribution-Share Alike 2.0\" href=\"http:\/\/creativecommons.org\/licenses\/by-sa\/2.0\">CC BY-SA 2.0<\/a><br \/>\n<\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Steps you should take after the Yahoo! 
breach.<\/p>\n","protected":false},"author":172,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[87,11,9],"tags":[32,362,271,37,496,275],"class_list":["post-2004","post","type-post","status-publish","format-standard","hentry","category-internet","category-internet-consumer-identity","category-security","tag-cybercrime","tag-cybersecurity","tag-passwords","tag-privacy","tag-security","tag-yahoo"],"_links":{"self":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/users\/172"}],"replies":[{"embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2004"}],"version-history":[{"count":4,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2004\/revisions"}],"predecessor-version":[{"id":2014,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=\/wp\/v2\/posts\/2004\/revisions\/2014"}],"wp:attachment":[{"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ofcourseimright.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}