Yahoo! Hack Worse than Expected, 3 Billion Accounts Compromised
ECPI University Subject Matter Expert Weighs in on Ramifications and Possible Corrective Actions
When Yahoo first announced it had been hacked in August 2013, it was considered a cyber security breach of epic proportions. As it turns out, it was even worse than first reported. We are now learning that the crime runs far deeper, affecting every single one of Yahoo’s customers. The new grand total: 3 billion accounts, including email, Flickr, Tumblr, and Fantasy.
According to one report, compromised data includes names, email addresses, and passwords, but no financial information. It has not yet been determined who was behind the 2013 break-in, but cybersecurity experts reported in December that the stolen data was up for sale on the dark web, a shadowy network only reachable using certain software.
Given current conditions, future attacks are a certainty. “In 2013, Ars Technica hackers managed to crack 90 percent of passwords using a combination of a dictionary and a brute-force-based attack,” says Dr. Keith Morneau, Dean of Computer and Information Science at ECPI University. “It did not matter the length of the password. That was four years ago. With the increasing power of computers today, the time it takes to hack passwords is getting smaller and smaller.
“The recent Yahoo hack shows that the password as a means of authentication is dead. Until we find an alternative to the password, these breaches are going to continue. You can have all the layers of security you want, but it only takes one user to give away the keys to the kingdom. Social engineering is the easiest way for hackers to gain access to systems today. Too many users click on attachments to emails that open systems up to hacking. You will be hacked. It is just a matter of when.”
Still, there are ways to protect yourself and make it harder for criminals to access your information. Dr. Morneau recommends authentication with two or more factors. “Most mobile devices and systems support at least two-factor authentication today,” he says. “Make your password as long as you can. More than 10 characters is good. Make the password a phrase with a combination of numbers and special characters so you can remember it. There are many ways that two-factor authentication is handled. Each has its pros and cons. Using biometric data seems to be safer, but that can be hacked also. Hackers have been able to hack finger scanners and other scanners to gain access to your information. That is the first step. The next step is to encrypt all personal identifiable information. Do not store it on your systems without encryption. In Windows, you can use BitLocker to do this.”
Dr. Morneau says you can also use personal VPNs, or virtual private networks, to encrypt communication from your computer to the outside world. “It is more extensive than just HTTPS on a browser,” he says. “HTTPS encrypts just web traffic while VPNs encrypt all traffic. There are many personal VPNs on the market today. They allow you to browse the internet with more protection than you currently have. It is not 100 percent safe, but if you secure yourself using a series of these methods, you no longer become an easy target.
“By doing all of this, you will have more privacy and security, but do not think that you are anonymous. All services log user data and they do that for security reasons. If you give up the keys (password, personal identifiable information) to the kingdom, no amount of protection is going to help. Be vigilant and be skeptical of everything.”