Case study: Yahoo! Hack

What Happened?

Yahoo's security team understood that in December 2014 that Russian hackers had gotten their hands on the company's "crown jewels," which included the usernames, email addresses, phone numbers, birthdates, passwords, and security questions/answers for at least 500 million Yahoo accounts. Throughout 2015 and early 2016, Yahoo's internal security staff was aware that the same hackers were repeatedly attacking Yahoo's user database , and allegations that Yahoo user credentials were for sale on the dark web.

Case study: Yahoo! Hack

What Happened?

Yahoo's security team understood that in December 2014 that Russian hackers had gotten their hands on the company's "crown jewels," which included the usernames, email addresses, phone numbers, birthdates, passwords, and security questions/answers for at least 500 million Yahoo accounts. Throughout 2015 and early 2016, Yahoo's internal security staff was aware that the same hackers were repeatedly attacking Yahoo's user database, and allegations that Yahoo user credentials were for sale on the dark web.

August 2014 Attack

Poor security practices were to blame for the Yahoo data hack. In fact, hackers used a phishing scheme to obtain access to Yahoo's network. A hacker only needed one person with network access to click on a malicious link to gain access. Once inside, the hackers were able to ensure that they would have access to the network indefinitely. Yahoo also kept some sensitive information, such as security questions and answers, unprotected. Chief information security officers should be just as prepared for social engineering assaults as they are for brute-force attacks. This will need that Chief Information Security Officers deliver some level of cyber security training to non-cyber security and non-tech aware employees. Basic security measures, such as the encryption of identifying information, should also be in place, according to chief information security officers. See also: Security