LLC - Making IT Personal Since 2000

How Yahoo's Massive Data Breaches Could Leave Your Business Vulnerable

February 3, 2017

With so many credentials to remember, people often reuse passwords or variations of them. Are you one of those individuals? If so, your company might be in jeopardy if you reused your Yahoo password for a business account.

In December 2016, Yahoo disclosed that hackers stole information from more than 1 billion user accounts back in 2013. This news came just three months after Yahoo revealed that cybercriminals pilfered data from 500 million accounts in 2014.

Although the 2013 and 2014 breaches are distinct incidents, the same types of data were stolen. In both cyberattacks, hackers stole passwords, names, telephone numbers, email addresses, birthdates, and security questions and answers (Q&As). Payment card data and bank account information were not taken in either breach.

Because of these two cyberattacks, you need to take action to protect your business accounts if you had a Yahoo account in 2013 or 2014 and you possibly reused your password or your security Q&As.

Create New Passwords

Although the two massive Yahoo breaches were disclosed in 2016, the incidents took place several years ago. Trying to remember what your passwords were back then is likely difficult. So, if you had a Yahoo password in 2013 or 2014 and there is the slightest chance that you reused it for a business account, you need to change that business account’s credentials. Cybercriminals often try to use a stolen password to access other accounts, as they are aware that many people reuse their passwords.

When creating a new password for your business account, it is crucial that you make it strong and unique. Plus, if two-step verification (also known as two-factor authentication) is available, you should take advantage of it. This provides another layer of security, making it harder for cybercriminals to gain access to your account, even if they know your password. Many online business services support two-step verification, including Dropbox, Amazon Web Services, Microsoft Office 365, and Google G Suite.

Besides changing your business account credentials, you should change your Yahoo password if you haven’t already done so. If you received an email notification about the 2013 breach from Yahoo, changing your password is mandatory. Once again, be sure to use a unique, strong password. Yahoo supports two-step verification. The company also offers Yahoo Account Key, which uses smartphone notifications rather than passwords for verification. However, it is not as secure as two-step verification.

Change Your Security Q&As

In the 2013 and 2014 data breaches, security Q&As (both encrypted and unencrypted) were stolen. After each breach was discovered, Yahoo invalidated the unencrypted ones. However, if your Yahoo and business account Q&As are similar, your company might be at risk. Hackers could use the information to gain access to and hijack your company accounts.

When setting new security Q&As, it is a good idea to use incorrect or nonsensical responses. Social media sites often provide hackers with the information they need to answer security questions. For example, cybercriminals can often find the answer to “What is the name of your favorite pet?” by looking at their victims’ Facebook or Instagram posts. By providing incorrect or nonsensical responses, you can help prevent cybercriminals from accessing and hijacking your business accounts.

Time Well Spent

Changing all your passwords and security Q&As can take time and effort, but cleaning up after a cyberattack takes much more work. So, if you have a tendency to reuse your passwords and security Q&As, making these changes is time well spent.

To avoid falling back into the habit of reusing passwords, you might want to use a password management tool. Rather than having to remember all the unique, strong passwords for your company accounts, you just need to remember one. We can help you find and set up a password management tool that is the best fit for your business.