A group of hackers recently stole the email addresses and passwords of more than 450,000 Yahoo account holders. Here are three key IT security lessons organizations can learn from the Yahoo hack.
On July 11, a group of hackers gained access to a file containing the email addresses and passwords of roughly 453,000 Yahoo accounts and posted them online.
The breach affected users of Yahoo Voices, formerly known as Associated Content, a service that allows people to upload their own blog posts, videos and other content. The hackers exploited a SQL injection vulnerability to access a text file that listed the account information. The file, however, was old and only contained information from users who joined Associated Content prior to May 2010, when the service was acquired by Yahoo.
The group behind the Yahoo hack, known as “the D33Ds Company,” said it posted details about the data it stole not as a threat, but to provide a “wake-up” call to Yahoo about lax security practices, Forbes reports.
Yahoo apologized to affected users, encouraging them to change their passwords regularly, and announced it had fixed the vulnerability that led to the incident.
What IT can learn from the Yahoo hack
What led to the data breach — and what can other organizations learn from it?
Security experts have pointed out that the breach could have been prevented with a few basic security practices that the company should have been following, such as:
1. Encrypting data
The first thing that jumps out about the Yahoo hack is that the passwords were stored in a clear, unencrypted text file. IT professionals often put a lot of energy into convincing users to choose secure passwords — however, it doesn’t matter what character combinations people come up with if those passwords aren’t encrypted and hashed by the organizations that hold them.
2. Verifying third-party security
Given the age of the data compromised, it appears the breach was carried out by exploiting a vulnerability left over from a separate company, Associated Content, that was acquired by Yahoo. However, that doesn’t mean Yahoo is off the hook — businesses should always make sure they verify the security of the third-party organizations they partner with.
3. Monitoring network traffic
The group was able to copy a lot of information during the Yahoo hack, and that means large amounts of data were moving from the company’s servers to an outside network for a period of time. According to some security experts, Yahoo should have been able to monitor that traffic to detect suspicious network activity and close the door before too much data was taken.
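To make lesson 1 and the SQL injection point concrete, here is an added example (not code from the article, Yahoo or Associated Content) of an account store that passes user input only through query placeholders and keeps a salted, slow hash instead of the password. The table layout, function names, PBKDF2 iteration count and sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed PBKDF2 cost setting; tune to your hardware


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way verifier; the clear-text password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def open_store() -> sqlite3.Connection:
    # Hypothetical schema for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (email TEXT PRIMARY KEY, salt BLOB, verifier BLOB)")
    return db


def register(db: sqlite3.Connection, email: str, password: str) -> None:
    salt = os.urandom(16)  # unique per account, so equal passwords differ on disk
    # Placeholders keep user input out of the SQL text entirely.
    db.execute("INSERT INTO accounts VALUES (?, ?, ?)", (email, salt, derive(password, salt)))


def verify(db: sqlite3.Connection, email: str, password: str) -> bool:
    row = db.execute("SELECT salt, verifier FROM accounts WHERE email = ?", (email,)).fetchone()
    if row is None:
        derive(password, b"\x00" * 16)  # spend the same time for unknown accounts
        return False
    salt, verifier = row
    return hmac.compare_digest(derive(password, salt), verifier)


def stored_bytes(db: sqlite3.Connection) -> bytes:
    """Everything a copy of the table would reveal, as one byte string."""
    out = b""
    for email, salt, verifier in db.execute("SELECT email, salt, verifier FROM accounts"):
        out += email.encode("utf-8") + salt + verifier
    return out


if __name__ == "__main__":
    db = open_store()
    register(db, "alice@example.com", "correct horse battery")  # constructed sample data
    print(verify(db, "alice@example.com", "correct horse battery"))
    print(verify(db, "' OR '1'='1", "anything"))  # quote characters are treated as data
    print(b"correct horse" in stored_bytes(db))
```

With this layout, a copied table exposes email addresses, salts and verifiers, but no passwords that can be read directly.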