Learn from the Yahoo Breach

By: Absolute Team | 7/27/2012

Earlier this year, more than 450,000 login credentials were exposed when Yahoo Voice was hacked. The hack was considered rather unsophisticated, and the passwords were stored in clear text, which is quite insecure. According to Yahoo, only 5% of the credentials were still valid on Yahoo, though the breach is still significant.

What can you, as a business, learn from this breach? First up, PC World offers these tips:

  • Confirm breaches quickly (network monitoring is key)
  • Watch for fast-moving SQL injection attacks
  • Beware third-party security
  • Require strong passwords (and we suggest you enforce strong password practices among employees - a large number of passwords were basics such as "123456" or "111111")
  • Make your password databases secure
  • Set up least privilege access to the database server

As PC World notes, no matter how secure the consumer had made his/her password, it still would have been breached in this case - it was more about password handling than password weakness, which we often talk about.
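The password-handling point above, as an added example (not code from PC World or the original post): Python code that stores a per-user salt and a PBKDF2 hash instead of the cleartext password, and uses parameterized queries for every lookup. The table layout, function names and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value; tune to your hardware)

def open_store():
    """Create an in-memory credential table (constructed schema for this demo)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def derive(password, salt):
    """Slow, salted one-way derivation; this is what gets stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(db, name, password):
    """Store a random per-user salt and the derived hash, never the password."""
    salt = os.urandom(16)
    # Placeholders keep user input out of the SQL text (no string concatenation).
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, derive(password, salt)))
    db.commit()

def verify(db, name, password):
    """Return True only if the password matches the stored hash for this user."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, derive(password, salt))

def dump_contains(db, needle):
    """Model a full table dump: does any stored salt or hash contain the cleartext?"""
    rows = db.execute("SELECT name, salt, pw_hash FROM users").fetchall()
    return any(needle.encode() in bytes(col) for row in rows for col in row[1:])

if __name__ == "__main__":
    db = open_store()
    register(db, "alice", "123456")  # constructed sample account
    print("login ok:", verify(db, "alice", "123456"))
    print("injection-style name accepted:", verify(db, "alice' OR '1'='1", "123456"))
    print("cleartext in dump:", dump_contains(db, "123456"))
```

Hashing does not rescue passwords such as "123456", which remain guessable offline once the table is stolen, so the strong-password tip still applies.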
