Yahoo: (how could it possibly be) Worse Than We Imagined

Here's a quick followup to September's post regarding Yahoo's admission that they had 500,000,000 accounts stolen back in 2014. (For those who lost count of the zeroes... that's 500 Million...)

Yahoo recently fessed up to another security breach... this one happened a year earlier than the aforementioned breach, and it's twice as bad, having affected 1,000,000,000 accounts (that's ONE BILLION).

Besides the sheer volume of the breach, this has very far reaching effect. Even if you do not have a Yahoo email account, Flickr is a Yahoo-owned service and those accounts are included in the breach. If you've had a Verizon phone in the past, then your email account was likely managed by Yahoo. And it doesn't end there... Many are advocating deleting all your Yahoo accounts, however it's not always that simple. Here are a couple of articles that may prove helpful:

HTTPS Is Coming to a Site (Very) Near You

I wanted to take a minute to let all of CommandB's clients know about some important security-related changes coming from Google. You may have heard about Google's increasing efforts to move all websites to using secured connections via HTTPS. In short, here's what's happening...

Currently, if a site is secured via HTTPS, then a padlock appears in the URL bar along with a green "https" next to the URL which most users have learned to associate with a secured website. | HTTPS indicator

If the site is NOT secured with HTTPS, then Google Chrome displays a neutral "info" icon next to the URL. If you click on this icon it tells you that the connection to the website is not private. | Chrome - No HTTPS

Secure Your Home Networks Now

Chances are that most of you maintain an acceptible level of network security at your offices, but can you say the same thing about your and your employees' home Internet connections? Considering that it's becoming more and more common for employees to perform at least a portion of their work from home, maintaining good home network security is almost as important as it is at the workplace.

Since most "normal" people aren't comfortable with the complexities of computer networking, manufacturers of network devices try to make things as simple as possible to set up. Unfortunately, this often leads to massive security problems... especially on low-cost network devices like routers, web cams, light bulbs and other cheaply made devices.

Yahoo is a Bunch of Yay-hoos

You might have heard recently that Yahoo has confirmed that they suffered a security breach and 500,000,000 (that's 1/2 a billion) user accounts were stolen - including names, logins, birthdays and security questions. This affects not only Yahoo, but Flickr and Tumblr as well.

And this actually happened in late 2014! So if you have an account on any of those sites and have not changed your password since then, you've been vulnerable this entire time. That is B.A.D.! So now is the time to change your passwords and security questions on those sites.

What's worse... if you've used those same credentials or security questions on other sites, you're now vulnerable there as well, as hackers always try to re-play stolen credentials on other, more valuable sites (e.g. your bank). So you'll need to change your credentials on those sites as well. (Remember... never ever re-use passwords.)

This is a perfect time to re-read my last post... Manage Those Passwords.

Manage Those Passwords

Password management is the bane of the typical computer user's existence. We're bombarded with websites that require a username and password, but how can we manage them all? Unfortunately, most people resort to one (or both) of the following systems:

  • Write them down
  • Find a good one and use it everywhere

Of those two options, using the same password everywhere is, by far, the worse option. It seems like every day we hear of one service or another who has been hacked and their user's data absconded with, including usernames and passwords. The first thing cyber criminals do with these credentials is try them out on high-value sites, such as banking and finance. So, as you might imagine, if you use the same credentials everywhere, these criminals now have the proverbial Keys to the Kingdom.


Subscribe to Front page feed