What does the Yahoo Hack mean for my Business?

What Happened?

In 2014 Yahoo was the victim of a significant breach that resulted in the details of over 500 million users being compromised. The breach is believed to have been state-sponsored, and the compromised details include names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, security questions and answers.

What does this mean for me?

If you had a Yahoo account in 2014, there is a good chance that your personal details were compromised. Yahoo has taken some steps to address the risks of the breach; however, if you reused the same password, or used your Yahoo account on other sites (e.g. Flickr or Tumblr), you could be at risk of having those accounts compromised as well.

The compromise of telephone numbers, dates of birth and security questions may also increase the risk of identity theft or of being targeted by scammers. If you have any concerns regarding these risks, or believe you've been targeted, we strongly encourage you to contact IDCARE (www.idcare.org | 1300 432 273).

At CyberAsk we're working to help businesses prepare for and respond to these incidents in ways that reduce the harm they can cause. If your business has experienced a data breach, we'd love to hear your story and see what we can do to help other businesses avoid the same.

What does this mean for my business?

While Yahoo isn't specifically a business service provider, if you or any of your employees were compromised in the data breach there is an increased risk that your business could become a target for cyber criminals.

Email addresses caught up in this and other breaches have also begun to be more actively targeted with spam and phishing, which, as well as being annoying, can be more difficult to spot when the messages use details from these incidents.

What should I do now?

FIRSTLY: DON'T PANIC

While your account may have been compromised in a security breach, it does not necessarily mean that it has been exploited or that you have had your identity, data or money stolen. However, you should take some basic actions and precautions to avoid any further damage:

STEP 1: RESET YOUR YAHOO ACCOUNT

If you haven't already, you should log into your Yahoo account and reset your password. The following link will guide you through the process if you're unsure.

Yahoo Password Reset Guide

You should also encourage any employees that may have had Yahoo accounts to do the same.

STEP 2: FIND WHERE YOUR ACCOUNT IS USED

Next you should understand what other services you have registered for with that email account. Think about companies and services you interact with using this account, review any accounts you may have saved in your internet browser, search email for new registrations and check your physical mail for useful reminders such as utility bills.

STEP 3: CHANGE CRITICAL PASSWORDS

Once you understand where your email is used, you should log in to each service, check for any unexpected transactions and change the password to a strong password. You should prioritise the accounts that would be most valuable if they were compromised. These include:

  • Banks and financial institutions
  • Email services (e.g. Gmail, Hotmail)
  • Government websites and services (e.g. ATO, myGov, Centrelink)
  • Utility companies (e.g. phone, internet, gas, water, electricity providers)
  • Personal computer logins and backup services

Now What?

Incidents such as this are becoming more common and more difficult to protect against. If you are a CyberAsk member, we work directly with you to understand and build solutions tailored to your business and situation.