Steve Smith talks about Yahoo's database breach, bad data security policies, and the sale to 3 or more groups on the Dark Web.
Episode #7-16 released on December 17, 2016
Yahoo is back in the news as they again disclose a hack of their database of over a billion accounts. The Internet giant is going wild with ways to protect your accounts from being hacked while only now requiring users to change their passwords. It is only recently that Yahoo started implementing 2FA methods, and the entire thing is putting a strain on their sale to Verizon. But why?
First, regardless of how you look at it, it took Yahoo 3 years to disclose the breach, which is slow by any metric. Any details or methodology for protecting yourself are, for all intents and purposes, now too late to apply. Anything said at this point is the same as explaining to a dead person who was hit by a car how not to be hit by a car, when the driver actually hit them while they stood on the sidewalk.
Second, regardless of how Yahoo spins this, they were the ones hacked, and that hack affects you. If you have used proper password methodologies to protect your other accounts for the past 3 or more years, the only account affected was your Yahoo account, along with connected assets like Flickr. Since the only thing you can do now is protect your Yahoo account by changing your password and your security questions and answers, and by enabling two-factor authentication, you may want to consider shutting down your account unless you absolutely still need it.
Third, Yahoo's data policies regarding user accounts. We, the people, need to know, starting now, how Yahoo intends to prevent future breaches outright, or to protect data in case it is stolen. It is not always possible to prevent hacks that result in the database being stolen, whether the hack is external or internal, but protecting the data in the database must be paramount. This means total, absolute user data encryption must be enforced for the greater good. We aren't running a website in 1995; we are in a different time altogether. Encryption is so important these days that even the way things are encrypted is something people should know.
Fourth, because of Yahoo's lack of vision, the database, which was stolen years ago, was bought a minimum of 3 times for $300K USD, by two prominent spammers and one buyer who may have been connected to espionage tactics.
Which brings me to my last point. Yahoo, programmer to programmers: encryption of user data, especially today, is possible, even with currently stored data. If I can spend months, by myself, coding a new engine for brand new sites, and even mechanisms to convert old databases into fully encrypted accounts, what is your excuse? Especially with all the talent you currently employ, who could achieve all that in a fraction of the time.
Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net