September 26, 2016 - Last week, Yahoo announced a massive data breach that impacts 500 million registered users of the company. That announcement has now triggered at least three separate class action lawsuits from customers in California, New York and Illinois. Those suits allege the company failed to take even the most basic of precautions to protect customer data. But what the suits fail to point out is that the information stolen by hackers could affect customers in ways that they have not even contemplated.
The data breach at Yahoo may be the largest single data breach in internet history. The breach apparently began in 2014 and went undetected by the company until recently. The hackers behind the breach were able to steal a wide variety of user information including names, email addresses and phone numbers, birth dates and unencrypted security questions & answers. At this time, the company doesn't believe that any credit card data was compromised.
As bad as the breach is for Yahoo, it has the potential to be much worse for the consumers that had their data stolen. What is especially disconcerting in the fact that millions of the breached records included the unencrypted security questions and answers mentioned above. Typically, these kinds of questions involve things like, "What was the name of your first pet?" Or, "What is your grandmother's middle name?" The answers to those questions aren't something that identity thieves can easily gain access to. And that is why they are so valuable.
Secure internet sites like banks and brokerage houses will often ask their customers to provide answers to security questions. Unfortunately, most sites that do this don't provide much variety in the security questions they ask. It's a pretty safe bet that if you go to five different websites that request this type of information, all of them will ask for your mother's maiden name, the name of your first pet, and the make and model of your first car.
Combine those questions with the fact that most consumers use the same name and password for every site they register on and you have a recipe for disaster. If your name and password on Yahoo is the same as for your bank and brokerage accounts, and your data was included in the breach, you need to change your password information on other websites immediately. If you wait, the next time you log into your bank's website, you could find your accounts are emptied out.
The only bright side to this data breach is that there doesn't appear to be any evidence of fraud from it, so far. But that could change at any time. ACCESS is advising that anyone who has ever had an account with Yahoo that they need to make sure that their user names and passwords on other sites are different from the ones they use on Yahoo.
byJim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
Follow me on Twitter:
|