Privacy Commission advisory on Yahoo breach

Posted on Sep 27 2016 - 12:30pm by Upgrade Staff

The National Privacy Commission (NPC) reiterated the recommendations of Yahoo and cybersecurity experts to Yahoo users to change their passwords on their Yahoo accounts. 

yahoo-security-issue

This follows after the compromise of half a billion user accounts from Yahoo’s servers in 2014 that was only discovered and confirmed by Yahoo this week. Below is what was posted on Yahoo’s email log-in page about the Account Security issue:

“We have confirmed, based on a recent investigation, that a copy of certain user account information was stolen from our network in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. “

An investigation by Yahoo confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The ongoing investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network.

The company is now working with law enforcement authorities and notifying potentially affected users of ways they can further secure their accounts.

Other than changing their Yahoo log-in credentials, the NPC also recommends that Yahoo users change log-in credentials of their other online accounts where they might have used their Yahoo email for account verification purposes. The security questions on Yahoo might also have been compromised and it would be a good idea to revise the security questions or disable that feature.  The NPC also recommends activating two-part authentication to gain first time access to your account. Two-part authentication uses a phone number you provided to verify your identity.

READ:  Globe Community takes on digital media

According to commissioner Raymund Enriquez Liboro: “A compromised email account can be an avenue for a hacker to gain access to other personal on-line accounts of an individual, from social media sites to on-line payment portals. That is why it is important to maintain good password hygiene, use pass phrases with numbers or special characters instead of single words, take note of log-in attempts into your account/s that weren’t initiated by you, and change your password/s two to three times a year, or as many times as  you change your toothbrush.”

It was revealed at a Microsoft Cybersecurity Summit for government agencies that it takes an average of 502 days for system administrators to detect a security breach.

 

Related Posts

Fortinet reports first quarter 2017 financial resu... Fortinet announced its financial results for the first quarter that ended March 31. “In the first quarter, Fortinet delivered billings and reve...
Cyber criminals continue to use new tactics in car... Cyber criminals continue to use new tactics in carrying out attacks. This is according to the 2017 Symantec’s Internet Security Threat Report (ISTR), ...
Ziften collaborates with Microsoft, integrates its... Ziften, provider of visibility and control for client devices, servers, and cloud VMs, announced a business and technology collaboration with Microsof...
How safe is your online behavior? Researchers say ... Selecting a password or deciding whether an email is a phishing email or not are among countless security decisions you make on a regular basis. Are y...
Only 7% of malicious mobile apps apparent to users... Data from ESET on malicious mobile applications shows that only 7% of reported incidents on mobile applications are caused by straightforward malware....
10 Must-consider privacy & security apps for ... The new iPhone 7 comes with exciting new features: it's now waterproof, has a longer battery life and a better camera, among other things. The new pho...
Cylance recommended in NSS Labs’ First Next-genera... Cylance Inc., the company replacing traditional antivirus with AI-powered prevention that blocks everyday malware, announced that it earned the NSS La...
Symantec predictions for 2016 Today’s cybercriminals are skilled enough and sufficiently resourced to have the persistence and patience to carry out highly successful attacks on co...
Young adults most likely to lose phone, target of ... In the past year, over one-in-four young Internet users have lost their devices (17%) or had their devices stolen (13%), with a third  losing access t...
Obfuscation tools and cybercrime as unseen dangers By Derek Manky Global Security Strategist, FORTINET Ever since the arrival of advanced persistent threats, obfuscation technologies have exist...
About the Author

Leave A Response