On December 14, 2016 Yahoo revealed that 1,000,000,000 (that’s 1 billion) user accounts had been compromised in 2013, a year before they reported another breach that affected 500 million user accounts.
That’s 1.5 billion accounts that were hacked. A company that employs 13,600 people in their IT department was hacked and user accounts from enough people to equal the population of North America, South America, Central America, Australia, Russia, Germany, and a few smaller nations, were compromised.
Why would hackers be so interested in the e-mail accounts of all these people? They’re not. Just like they are not interested in the Chicken Stamp accounts that were breached recently at KFC.
So what are they after? Lax password security by those Yahoo and KFC account users. If you’re like many people, you’ll use your e-mail account as a user name for most, if not all, of the web sites you frequent. And if you’re like most users, you also use the same password for most of these sites.
By the way, Yahoo and KFC aren’t the only companies that have been hacked. Our sister site, DontBecomeAnotherTarget.com keeps track of all major breaches.
So suddenly those Chicken Stamp accounts and those e-mail accounts begin to have more value, especially if those same user names and passwords are used at financial sites.
Some security sites are recommending that if you have a Yahoo account, it’s time to close it, including if you have an account that Yahoo administers (@att.net, @bellsouth.net). You also need to change all of your passwords that are similar to your Yahoo/.att.net/.bellsouth.net. Now. And you need to begin to practice safe online behavior.
What’s safe online behavior? It’s
- not using the same password at all web sites
- using complex passwords that include upper and lower case characters, numbers and symbols
- changing your password a few times per year (it’s recommended every six weeks, but a few times per year is better than not at all)
- not writing your passwords down on a Post-It and sticking it to your monitor. Use a password manager, like LastPass, Dashlane, eWallet
- not clicking the little box that says “stay logged in” at sensitive sites
- not going to dangerous web sites (adult content, gaming sites)
- not opening attachments from people you don’t know
- making sure your computer is patched with the latest updates
- making sure you have a good anti-virus program. And keep it current.
If you own a business and you’re doing your own IT support and security, you’re doing a disservice to not only your clients, but also your clients security, and your own security. Studies show that 61% of people will not go back to shop at any business that’s been breached. Contact us today to see how affordable expert IT support can be.
If you take credit cards, you’re required to be PCI Compliant, and that doesn’t mean checking all of the Yes boxes on the Self Assessment Questionnaire (SAQ), even if the answer is No. It’s actually being compliant by making sure all of the items meet requirements. Most businesses we visit to do our free PCI Compliance assessment are not even close to being compliant. Most fail in every one of the 12 PCI DSS categories. Contact us today if you would like to see if you’re compliant. It costs you nothing to find out.
Regardless of whether you’re a business or a home user, this Yahoo breach should not be taken lightly. You need to act on it today.
Contact us today if you need help. Our engineers are the some of the most experienced in the Southeast when it comes to not only cybersecurity and SMB (Small Medium Business) IT support – it’s what we specialize in. And PCMDX is one of the top PCI Compliance firms in the country. If you’re a home user, we can help you as well by making sure your network is protected (yes, if you have a broadband router and multiple devices, you have a network), and all of your devices are protected.
Updated 12/15/16 10:56am CST to update link.