According to the report of Bree Fowler, AP Tech Writer, all those Yahoo emails, photos and other personal files stored online can easily be stolen, and there's little anyone can do about it.
The only saving grace, so far, is that the attackers apparently did not exploit the information for fraud. But their true motives remain a mystery.
While there are a number of straightforward measures all users should take to protect themselves, relatively few people actually do. And in this case, doing so wouldn't really have mattered. Even the most scrupulous individual countermeasures could only limit the damage.
"Yahoo users could have had immaculate computer security and still been the victim here," said Will Ackerly, chief technology officer at Virtru, a computer security firm he co-founded after working for eight years at the National Security Agency.
"Short of using encryption, there's no way to keep your email from being compromised in this kind of hack."
The mega breach disclosed last 14 December exposed more than a billion user accounts, the largest such attack in history. The company said the attack happened in August 2013, although Yahoo only discovered it recently. Worse, the company's announcement followed a similar announcement in September about a 2014 hack that Yahoo ascribed to an unnamed foreign government. That breach affected 500 million accounts.
Some experts believe the record-breaking amount of data stolen in the breach announced Wednesday also points to state-sponsored hackers in search of a specific target, which could be why three years later the data still hasn't been spotted for sale on the web. And neither Yahoo breach has yet been linked to online fraud or any specific repercussions for Yahoo users.
But their disclosure closely follows U.S. intelligence concerns about Russian hacking of Democratic emails during the presidential campaign — not to mention recent attacks on a major health insurer, a medical lab-test company and the government office that manages millions of federal employees.
"The lesson is clear: No organization is immune to compromise," said Jeff Hill, director of product management for cybersecurity consultant Prevalent. And since most of us are dependent on big organizations that hold our digital lives in their hands, in a broad sense that means no one is safe.
The hacks represent yet another stumble for the struggling Sunnyvale, California, company as it tries to reinvent itself. The breaches occurred during the reign of Yahoo CEO Marissa Mayer, a once-lauded leader who has been unable to turn around the company in the four years since she arrived.
The only saving grace, so far, is that the attackers apparently did not exploit the information for fraud. But their true motives remain a mystery.
While there are a number of straightforward measures all users should take to protect themselves, relatively few people actually do. And in this case, doing so wouldn't really have mattered. Even the most scrupulous individual countermeasures could only limit the damage.
"Yahoo users could have had immaculate computer security and still been the victim here," said Will Ackerly, chief technology officer at Virtru, a computer security firm he co-founded after working for eight years at the National Security Agency.
"Short of using encryption, there's no way to keep your email from being compromised in this kind of hack."
The mega breach disclosed last 14 December exposed more than a billion user accounts, the largest such attack in history. The company said the attack happened in August 2013, although Yahoo only discovered it recently. Worse, the company's announcement followed a similar announcement in September about a 2014 hack that Yahoo ascribed to an unnamed foreign government. That breach affected 500 million accounts.
Some experts believe the record-breaking amount of data stolen in the breach announced Wednesday also points to state-sponsored hackers in search of a specific target, which could be why three years later the data still hasn't been spotted for sale on the web. And neither Yahoo breach has yet been linked to online fraud or any specific repercussions for Yahoo users.
But their disclosure closely follows U.S. intelligence concerns about Russian hacking of Democratic emails during the presidential campaign — not to mention recent attacks on a major health insurer, a medical lab-test company and the government office that manages millions of federal employees.
"The lesson is clear: No organization is immune to compromise," said Jeff Hill, director of product management for cybersecurity consultant Prevalent. And since most of us are dependent on big organizations that hold our digital lives in their hands, in a broad sense that means no one is safe.
The hacks represent yet another stumble for the struggling Sunnyvale, California, company as it tries to reinvent itself. The breaches occurred during the reign of Yahoo CEO Marissa Mayer, a once-lauded leader who has been unable to turn around the company in the four years since she arrived.
No comments:
Post a Comment