Yahoo Data Theft Good Reason to Regularly Change Passwords

In case you needed another reason for regularly changing your passwords, the recently-uncovered Yahoo hack of 500 million accounts is probably the reason of the decade so far. The hack and subsequent data theft involving half a billion Yahoo accounts is the largest of its kind – ever. Granted, it is Yahoo, where most people don’t send or store any sensitive data like payment card information (PCI) or other personally-identifiable or compromising information anyway, but it’s the principle of the thing. The Web-based giant has confirmed that the hacked information includes:

  • Names
  • Email addresses
  • Telephone numbers
  • Dates of birth
  • Hashed passwords (the vast majority with the password-hashing function bcrypt)
  • And, “in some cases,” encrypted or unencrypted security questions and answers.

Yahoo Serious?

Yahoo is alleging that the massive data breach “didn’t include unprotected passwords, payment card data, or bank account information.” The popular search engine and email host denies that it stores any payment card or bank account information in its database. And, although it blames a “state-sponsored actor” for the cyberattack (apparently from Russia, according to Yahoo and US intelligence officials), the fact remains that Yahoo allowed a hack of epic proportions to happen on its servers and domains, making the practical point clear to all of us: “Change and encrypt your passwords regularly.”

Yahoo Hack

The Yahoo hack resembles previous data breaches of huge Web-based giants like LinkedIn, Tumblr, and Adobe, as well as healthcare facility hacks where Ukrainian hackers claimed responsibility for at least one of them. This latest and biggest hack ever is so disconcerting, because the cyber breach occurred a full two years earlier. It repeats a pattern we have seen in these cybercrime cases where we don’t learn of the data thefts until well after they have happened. And, it’s also disconcerting for another glaring reason: Yahoo failed to inform its users of the hack and suggest a password reset in August 2016 when the news was first made public.

The Password-Changing Argument

There is great debate amongst white hat hackers and IT specialists on whether regular password changes are a good thing or not. The argument for seems to stem from situations like the Yahoo hack – basically, the “change when urgently required” rule. Studies have shown that routine password changes of every few months appear only to frustrate office staff, with new passwords only being variations on old ones anyway, and written on sticky notes attached to monitors, which defeats the purpose of safety. But, the pro-password change argument remains in serious cases like data breaches involving half a billion accounts.

The Takeaway

Basically, no one’s data is 100% safe online, even when supposedly protected over secure servers and databases. Too-frequent password changing may be just as risky as never changing them, so a happy medium here is prudent. A good rule of thumb is to stick with one hard-to-decrypt password, maybe alter a number or letter here and there, and never share any financial or personally-compromising information on unsecured channels of communication.

Fort Lauderdale Computer Networks
Network Services in Fort Lauderdale
Network Consulting in Fort Lauderdale
Fort Lauderdale Data Backup
Data Security Fort Lauderdale
 
Client Feedback

“We were having major problems with our email system. We reached out to the IT department of a trusted major law firm here in Miami who in turn recommended Lan Infotech and Michael Goldstein’s team of experts. I find everyone to be professional, knowledgeable and thorough. This gives me huge confidence that I am using a vendor I can trust and rely on.”

—Bart Garratt
HR & Tech. Coordinator
The Legal Aid Society
read more»

Featured IT Services Fort Lauderdale Articles

IT Consulting Advice for Fort Lauderdale: Taking Care of Your Employees Is Taking Care of Your Business!

Quid Pro Quo An IT consulting firm in Fort Lauderdale will usually advise that you get what you give. This is the core principle which defines most working relationships. The employer gives the em

Read more

Featured IT Services

IT Services Business Advice: Do You Really Need a Management Consultant in Fort Lauderdale?

Eliminate the Middleman IT services in Fort Lauderdale need not cost an arm and a leg to provide services your own organization could source internally. You want a consultation agency willing to he

Read more

Featured IT Services

Reasons Why IT Support in Fort Lauderdale is Necessary for Business Growth

IT support in Fort Lauderdale is turning out a necessity for most businesses. This can be pointed to the fact that embracing IT services helps to improve business productivity and efficiency. However,

Read more

Featured IT Services