Major Yahoo news has us concerned not only about the nature of the Yahoo hacks, but also about what has been done since then.
Back in December, we made recommendations to our clients and newsletter subscribers regarding use of Yahoo email. Prior to this, Yahoo had hinted that they were victims of state-sponsored cyberattacks.
Fast forward to today and the Justice Department has charged two members of Russian intelligence and two for-hire hackers with the FIRST major Yahoo breach. In a nutshell:
- The Russian agents hired hackers to access Yahoo for espionage.
- The hired hackers also used the email accounts for spam mail scams. Credit card and gift card information was found in the email.
- Over 500 million Yahoo accounts were compromised.
- According to the Justice Department statement, the Yahoo logins were used to break into other accounts, including those at other email providers.
After this news, we thought this was a good time to check on Yahoo Mail and their latest security. And unfortunately, this has prompted us to issue further recommendations in our newsletter.
There are also some key lessons here for everyone. The most important is the necessity of using different passwords for different accounts. In the aftermath of this first major Yahoo breach, many security experts were warning that using the same password for multiple accounts made it easier for cyber criminals to access more of your data.
Another lesson to learn is related to obtaining the credit card and gift card information. The easiest way to do this is through phishing for credentials, which was clearly done here. It is as important as ever not to log into your accounts through links in email messages. Phishing is now such a major criminal operation that bogus links in email have become harder to detect. Instead, use bookmarked links to your accounts or type their known addresses into your browser manually!
Also, we should all keep in mind that it is best to consider our email to be electronic POSTCARDS instead of electronic envelopes. Just as postcards can be read by anyone handling the mail, electronic correspondence should be carried out with the assumption that your messages will have as much privacy as an open postcard. If you want to put your correspondence in the virtual equivalent of envelopes, then ENCRYPT your email. But also remember that any envelope can be intercepted. Bottom line, email is not a secure communication medium.
Read about today’s Justice Department announcement:
Our original story on this Yahoo hack:
And on the SECOND attack: