Phil’s Ramblings
The big news this month is that the accounts of 500 million Yahoo! users were hacked sometime in late 2014. At this writing, it is still not clear (at least to me) why no one at Yahoo! noticed this before now. However, one possible answer is that there has not been any noticeable impact on their users, which otherwise might have alerted security folks sooner.

What finally brought this to light was a recent offer on the so-called “Dark Web” (where participants can remain anonymous) to sell information collected from 200 million Yahoo! user accounts. This alerted Yahoo! and other security personnel to the possible breach. The FBI is also apparently involved. Subsequent forensic analysis has revealed that up to 500 million accounts may have been compromised. In the text of email notices sent by Yahoo! to affected customers, Yahoo! suggests that the breach was perpetrated by a “state-sponsored actor” (i.e., a foreign government), but I haven’t seen any outside verification of this.

To put this into perspective, Yahoo! says that about 1 billion people globally engage with one of its properties each month. I’m not sure how to correlate “people” to “accounts”, so it may be that not all Yahoo! accounts have been compromised. For example, I use a variety of Yahoo! offerings every week. I access the Internet through AT&T DSL service; they use Yahoo! as their content provider. So, anyone using AT&T DSL has the option to use Yahoo! Mail, Yahoo! Sports, Yahoo! Finance, and so on – as I do. However, I have not yet received an email notification from Yahoo! telling me that I am potentially affected. It may be that those who use Yahoo! through AT&T DSL were somehow not impacted, but we’ll see what unfolds over time.

Quite a few websites have jumped on this with suggestions about what to do to protect yourself if you are a Yahoo! user. Yahoo! themselves also include recommended user actions in their notification email. Here is what they say Yahoo! users should do to protect themselves going forward:

- Change your password(s) and security questions for your Yahoo! account(s)
- Do the same thing at any other website where you use the same passwords and security questions
- Review your accounts for suspicious activity
- Be cautious of any unsolicited communications asking for personal information or referring you to a Web page asking for personal information
- Avoid clicking on links or downloading attachments from suspicious emails

Let me expand on the last two points. In security breaches like this, it is apparently not uncommon for “bad guys” to seize the opportunity to send out “phishing” emails that appear to come from the company that was hacked. These emails will often include public information about the hack, to make them appear legitimate. But they will then ask you to provide personal information or ask you to update your logon info through a link in the email. Yahoo! makes a point of saying that while they may send information out to customers they feel may have been impacted, they will not ask you for any personal information. Instead, they will encourage you to log into your account as you normally do, and then update your password(s) and security questions.

One website suggested setting up two-factor authentication. This is an increasingly popular security feature, offered (or required) on many websites. It can take many different
(Continued on page 4)