Yahoo Finally Confesses: 500 Million Users Were Hacked
Experts say it could be the biggest hack ever in terms of scale.
In comparison, a LinkedIn hack in 2012 affected 117 million accounts, and it was announced earlier this year that 360 million MySpace accounts were compromised.
The company said it believes a “state-sponsored actor” was behind the data breach, meaning an individual acting on behalf of a government. The breach is said to have occurred in late 2014. “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.
What changes can you make as an online e-commerce consumer to help ward off would-be hackers? Improve your security questions and use two-factor authentication.
Yahoo urges users to change their password and security questions. But unless you answer wisely, using security questions to avoid getting hacked is fairly useless. Sites like Yahoo use security questions like “What was the name of your first school?” or “What is your mother’s maiden name?” to recover a user’s account if the password is forgotten. These questions are problematic because the internet has made public record searches a snap and the answers are usually easy to guess.
In a recent study, security researchers at Google found that with a single guess, an attacker would have a 19.7 percent chance of duplicating an English-speaking user’s answer to the question, “What is your favorite food?” (It was pizza.) Instead, give an answer only you would know. Perhaps it’s “Chilean Completo with tomatoes and palta” or “On the Border chips with mild salsa.” Remember, your answer doesn’t even have to be food. You just have to know the answer. “S(DsJNE*nd7f” would still work in the field provided.
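The comparison above can be put in numbers. The following is an added example, not part of the original article: it measures how guessable an answer is against a single guess (min-entropy) and generates random answers like the one shown. The 94-character alphabet, the 12-character length and the function names are assumptions, and it assumes you record the generated answers somewhere safe, such as a password manager.

```python
import math
import secrets
import string

# Assumed alphabet: printable ASCII without whitespace (94 symbols), the kind
# of characters seen in the article's "S(DsJNE*nd7f" example.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def min_entropy_bits(top_answer_probability):
    """Bits of min-entropy when the most common answer has this probability.

    One guess succeeds with exactly that probability, so this is the measure
    that matters against an attacker who gets a single try.
    """
    return -math.log2(top_answer_probability)


def random_answer_bits(length, alphabet=ALPHABET):
    """Min-entropy of a uniformly random answer of the given length."""
    return length * math.log2(len(set(alphabet)))


def generate_answer(length=12, alphabet=ALPHABET):
    """Random security answer drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def answers_for(questions, length=12):
    """One independent random answer per question (assumes you store them safely)."""
    return {question: generate_answer(length) for question in questions}


if __name__ == "__main__":
    # 19.7% is the single-guess success rate the article cites for "favorite food".
    print(f"favorite food, most common answer: {min_entropy_bits(0.197):.2f} bits")
    print(f"12 random characters:              {random_answer_bits(12):.1f} bits")
    sample_questions = [
        "What was the name of your first school?",
        "What is your mother's maiden name?",
    ]
    for question, answer in answers_for(sample_questions).items():
        print(f"{question} -> {answer}")
```

Each question gets its own answer, so an answer exposed in one breach cannot be reused to recover an account elsewhere.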
Two-factor authentication, also known as 2FA, TFA, or two-step verification, is an extra layer of security known as “multi-factor authentication”. It requires not only a username and password but also something that only that user has: a piece of information only they should know or have immediately to hand, such as a physical token.
Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person’s personal data or identity. Using a Two Factor Authentication process can help to lower the number of cases of identity theft on the Internet, as well as phishing via email because the criminal would need more than just the user’s name and password details.
With over 5 billion mobile phones in use, turning a phone into an authentication device avoids the additional cost and delays of sending out hardware tokens. With it enabled, when you enter your password, you will receive a message (usually a text) with a one-time code that you must enter before you can log in. Many bank sites and major sites like Google and Apple offer two-factor authentication. In some cases, the second authentication is required only if you are logging in from a new computer.
Hacks like the one that happened to Yahoo are getting more common, with twenty WordPress sites getting hacked every minute. So use scrambled answers to your security questions and, as an e-commerce consumer, make sure that the sites you do business with offer two-factor authentication.