Yahoo! affirmed the largest data breaches in the history of the Internet in 2017
Yahoo! affirmed in October 2017 that all 3 billion of its user accounts were impacted, considered the largest discovered data breach in the history of the Internet. McMillan, Robert; Knutson, Ryan (October 3, 2017). “Yahoo Triples Estimate of Breached Accounts to 3 Billion”. The Wall Street Journal. Retrieved October 3, 2017. – Source
Yahoo CEO Marissa Mayer doesn´t use a passcode
NYU Professor Scott Galloway went on the record saying Yahoo CEO Marissa Mayer is the “most overpaid CEO in history.” In any way, her attitude to detail and how to deal with security was surprising. You may expect this “pretty blonde” attitude in fashion retail, but not from a global tech powerhouse like Yahoo. I wonder how she feels about 2FA.
How can you protect yourself against CEOs like Marissa Mayer?
With big data breaches, it might feel like there’s nothing you can do. But there are easy strategies to make yourself less vulnerable.
Unique account, unique password: Creating strong and unique passwords for every account is the best first step to protecting yourself against a breach. Use a password generator to create passwords for you. Unique passwords ensure that a breach at one website doesn’t result in a stolen account at another.
Protect your email: If a hacker has access to your email account, they can use password resets at most sites to get into other accounts. Consider creating an alternate email address for online signups. And be sure to turn on multi-factor authentication for your email account. That way someone will need to get your email credentials and have access to your phone in order to truly get into your email account.
Give fake answers to security questions: You know those silly security questions companies ask you so you can “prove” who you are? Don’t give real answers. Use the password generator to create random answers that you can then store in LastPass or similar tools.
Settlement in 2019
A Class Action Settlement has been proposed in litigation against Yahoo! Inc. (“Yahoo”) and Aabaco Small Business, LLC (together, called “Defendants” in this notice), relating to data breaches (malicious actors got into system and personal data was taken) occurring in 2013 through 2016, as well as to data security intrusions (malicious actors got into system but no data appears to have been taken) occurring in early 2012 (collectively, the “Data Breaches”)
2012 Data Security Intrusions:
From at least January through April 2012, at least two different malicious actors accessed Yahoo’s internal systems. The available evidence, however, does not reveal that user credentials, email accounts, or the contents of emails were taken out of Yahoo’s systems.
2013 Data Breach: In August 2013, malicious actors were able to gain access to Yahoo’s user database and took records for all existing Yahoo accounts—approximately three billion accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders. As a result, the actors may have also gained access to the contents of breached Yahoo accounts and, thus, any private information contained within users’ emails, calendars, and contacts.
2014 Data Breach: In November 2014, malicious actors were able to gain access to Yahoo’s user database and take records of approximately 500 million user accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders, and, as a result, the actors may have also gained access to the contents of breached Yahoo accounts, and thus, any private information contained within users’ emails, calendars, and contacts.