The newly released information about the Yahoo breach has been all over the news over the last few days. According to Reuters, “Yahoo Inc said on Thursday (9/22/2016) information associated with at least 500 million user accounts was stolen from its network in 2014 by what it believed was a "state-sponsored actor." It seems like every time we turn around a new breach is being announced. In most cases years after the actual information was originally accessed. The average breach takes at least 8 months to discover and it takes a more time to diagnose the extent of the intrusion. In most cases the number of affected users/accounts is increased over time as more information becomes available. Yahoo has been investigating this breach for years now and was alerted to it when a popular cybercriminal going by the name “Peace” started to sell credentials on the black market for around $1800 a bundle. The offerings included user names, passwords, date of birth, addresses and other personal information.
This may affect you if you have a yahoo account. If so, you should change your user name and password immediately. However, realize your information may already be on sale on the black market. Also, you should be more guarded on opening e-mails from others with attachments or links. This amount of information is a phishing e-mailer’s dream, emails containing malware can be sent that appear to come from you or your friends which makes them far more likely to be clicked than if they come from an unknown source. You should always use a unique password for your individual accounts and change it every 90 days. Never make your bank account access password the same as any other password.
F1 Solutions Security Team