Hacked websites happen on a regular basis, and it seems as if every couple of weeks we see another news alert about the latest “largest data breach ever” being perpetrated by a group of unknown persons.
September 2016 is a month like any other, with various alerts and warnings, however, Yahoo! has just announced a massive data breach of nearly 500 million accounts dating back as far as 2014! Seriously? 2014 and we’re only hearing about it today?
Yahoo Hacked, 500 Million Accounts Compromised
According to a statement released by Yahoo! on the security breach, they have stated that the breach happened in late 2014 and could have contained names, email addresses, telephone numbers, dates of birth, passwords, security questions and answers.
The big concern with this is that users often use the same username and password with multiple accounts, and almost certainly use similar security question and answers. This opens the door for hackers to utilize this information with other services to try and hack those accounts.
What To Do?
At Big Red SEO, we are in a constant state of paranoia when it comes to security of information and websites. Whether it’s passwords for email accounts, websites, directory listings or web hosting access information. We encourage our users, and readers, to keep an Excel file of all critical passwords, and change those passwords every month. We also strongly encourage users not to use the same password on multiple sites.
If it’s been awhile since you’ve changed your password, today is a great day to get that task accomplished. And while you’re making your password changes, make a website backup also and download it to your computer. Over the past two decades of working with websites, we have seen web hosting companies crash servers, accidently delete websites, system breaches and some that have even closed up shop without any notice to users.
Make A Website Backup Also!
We hope that the days of web hosting companies closing overnight and leaving users in the dark are far behind us, but too often users rely on their web hosting company to make backups of their websites. If you read the Terms of Service for nearly all hosting companies out there, you’ll find that they do offer backups, but they are not responsible for corrupted data or backups that can’t be restored. This is still the client’s responsibility to maintain a working copy of their website.
Should you be in the situation where your website got hacked, our team are ready to assist. We have worked with dozens of websites that have been defaced or hacked over the years and we’re ready to help you too.
What Does This Mean For Yahoo?
In many ways, Yahoo will continue on with the same “business as usual” attitude and place the responsibility on the shoulders of their clients. The fact that they were breached is a big concern, but the lack of security awareness of the general public using the same information on other systems, they’ll likely blame that on the consumer, and then refer to their Terms of Service where it says they take no liability for compromised information.
One item that does come into play is that Yahoo is currently in talks with Verizon on a purchase deal, a deal worth $4.8 billion. Yahoo’s statement release starts with “a recent investigation”, but it makes no mention of how recent the investigation has been going on. Certainly there are concerns that the breach happened in 2014 and they’re only coming forward today, and that surely can’t sit well with Verizon. Part of any acquisition incurs potential risk, but with this big of an exposure, it could very well decrease the purchase price by several million dollars, maybe even hundreds of millions, or even cancel the entire deal.
Update Your Passwords. Maintain Security.
In the book 1984, George Orwell wrote, “if you want to keep a secret, you must hide it from yourself” and while we’re not saying you need to go this far when it comes to website security, you do need to take precautions. Using the same password on multiple sites is a bad idea, and using the same password for any length of time can also pose risks.
If you need a maintenance plan to keep your website up to date and generate off-site backups, we can help with this process, just contact us.
In the meantime, we recommend changing your passwords every 30 days. If you need an easy to remember, but secure password, check out http://www.dinopass.com. We’ve used this site for several years now and our clients get a kick out of the combination passwords that it creates. We’re sure you will too!