Yahoo – One of the worst security practices I have seen.

I got an email this morning from Yahoo. I started wondering if someone had hacked my account or maybe Yahoo had detected suspicious activity, only to discover that they were alerting me of the Yahoo security breach that took place in December 2016, where 1 billion accounts were exposed.

Maybe one day service providers will start taking our privacy more seriously, at least provide us with enough information when we need it, and stop treating the security of our data as a secondary requirement that only has to be taken care of after a breach.

The Yahoo data breach of 2013 actually exposed all Yahoo account passwords, according to a new report from the company's new owner, Verizon: “all Yahoo user accounts were affected by the August 2013 theft”. This means that about 3 billion user accounts were compromised in 2013 and they only discovered it in 2016. Not only that, only 1 billion user accounts were treated as compromised by the breach, and the rest, who might not have taken the precaution of at least changing their account password, were left vulnerable until Oct. 2017. What a bad security practice.

Assuming that the other users who were not alerted, or who did not change their passwords, are re-using the same password on different accounts, it means that all those accounts that share the same password were also left vulnerable from 2013 to 2017.

It’s high time we stopped believing that service providers will take adequate measures to protect our data; rather, we should be taking appropriate security measures on our own. Such security measures include enabling MFA on accounts, not re-using a password on different accounts (one password for one account), and ensuring that passwords are stored securely.
