Yahoo Security Breach Take 3 (Billion Users That Is)

Remember that Yahoo breach last year, how it became the largest breach in history impacted over 1 billion users and knocked $350 million dollars off of the Verizon acquisition price? Turns out that EVERY account at Yahoo! including email, Tumblr, Fantasy and Flickr were impacted by the breach. That’s all 3 billion accounts vs just the 1 billion that were announced last year. Oath, the new brand for Yahoo, AOL and some other properties at Verizon issued a press release stating

“The company recently obtained new intelligence and now believes…that all Yahoo user accounts were affected by the August 2013 theft.”

This is a definitive aftershock of one of history’s biggest and worst breaches. But while most press stories focus on “how” the breach happened, they’re missing a critical part of the story. They’re not talking about “what” is being targeted in order to get at the data. The fact is, most breaches happen through compromised identities, stolen passwords or privileged access. Like it or not, when it comes to breaches, all roads lead to identity.

Does this make the breach 3x worse than before?

Yes, because nearly every online user in the entire world was impacted.

Yes, because an email notification is being sent to an additional 2 Billion people announcing that Yahoo failed in their responsibility to protect user information.

Yes, because this is another reminder of the black eye on the world’s cybersecurity.

Yes, because it reminds us that Russian intelligence conspired “to protect, direct, facilitate, and pay criminal hackers to collect information through computer intrusions in the United States and elsewhere”

We are smack in the middle of an ‘enterprise identity crisis’ that must be addressed by every organization in the world.

Click here to learn why it’s time to rethink security in the age of access.