Yahoo Mail suffers another cyber attack

Have you checked your Yahoo account this morning? I suggest you do. Yesterday Yahoo announced that its email service had suffered a cyber attack, resulting in the usernames and passwords of an undisclosed number of users being compromised.

It’s always fun, isn’t it, when they don’t tell you how many accounts have been affected. 3? 3,000? 3 million?! (For the record, Yahoo has 273 million accounts worldwide.) Anyway, best to log in (if you can) and get that password changed. Something like your birthday, password 123 or qwerty should be fine. Sorry, I’m being flippant (it sometimes happens on a Friday). It’s just that I discovered this week that 40% of all passwords appeared in the top 100 list of passwords. Basically a bunch of keys for hackers. Try enough locks and you’re going to open 40% of doors.

Anyway, back to Yahoo. In a blog post published on their website yesterday they stated:

Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.

What’s the potential damage, I hear you ask. Well, it could be anything from targeting email addresses for spam or scam messages to using the details for banking and shopping sites. Add in the fact that many of us use the same password across multiple sites, and that if a hacker had access to your email account they could simply send themselves a password reminder, and the alarm bells start ringing.

It’s Friday so I’m not going to lay any particular blame at anyone’s door. You can draw your own conclusions. What I will say is this: we all need to do more.

Individuals need to use better, stronger (and not repeated!) passwords and educate themselves on how to be safer on the internet. Organisations need to do more to secure their databases, networks and our personal information. We’ve been living in the digital world for a while now. It’s time everyone took more responsibility for their digital existence.
