Yahoo! recently disclosed that it discovered a data breach that occurred back in 2013. Yahoo! said the breach likely resulted in the theft of more than 1 billion data records. Yahoo! says those records contained names, email addresses, and passwords but not financial information.
In September of 2016, Yahoo! disclosed that it had been breached by attackers who stole at least 500 million data records.
This brings the total number of data records known to have been stolen from Yahoo! at over 1.5 billion records. That’s billion with a “B”. 1.5 billion records of personal information.
Yahoo! believes the two attacks are unrelated.
Neither incident is believed to have resulted in the disclosure of financial information (credit cards, etc.) but they still included names, email addresses, and passwords.
Given the tendency of many people to use the same password in multiple locations this could be much more serious that it seems at first.
Of those 1.5 billion people, many of them likely use the same email address and password on other web sites, social media accounts, e-commerce sites, and possibly even their banks.
That puts those 1.5 billion people at a much bigger risk than just the loss of their Yahoo! accounts.
Yahoo! says it will be notifying people who had their information exposed and Yahoo! has already started requiring them to change their Yahoo! passwords.
There are lessons to be learned from these two breaches:
- Data breaches continue to be a serious threat
- Breaches are likely to get bigger as online usage grows and more data is collected
- Big companies with big resources can still be vulnerable
- You and I shouldn’t use the same password on multiple websites
The last lesson is the one most applicable to you and I.
If you have a Yahoo! account, you should change your password immediately.
While you’re at it, if you used your same Yahoo! password on any other web sites, you should immediately change your password on those sites as well.
Actually, I’m going to change my passwords on all the sites I use even though I didn’t have a Yahoo! account.
And this time, I’m not going to use the same password for more than one site.
– Weston Henry
Do you use the same password at more than one web site?
Are big (and small) companies taking cyber-security seriously enough?