Company data is being hacked all the time, so it's almost not even news when a company announces that it's had data stolen, including passwords, and that they're in the hands of criminals.
However, the recent announcement that Yahoo had been hacked and had half a billion emails stolen was eye watering.
That's a lot of data, and such a huge breach means it's not only Yahoo customers that are affected, it means everyone is potentially at risk. Here's why.
How people hack
There are many ways in which the bad guys can get into your accounts. The most common is to use some kind of "social engineering", they essentially get your confidence and then brazenly ask for your password. Lots of people just hand them over.
But another way is through brute force.
This means simply testing a huge number of words and word combinations until you find the one that works.
However, it has a fairly low success rate for a number of reasons:
• People now often use more complex passwords
• You need a lot of computing power
• You're limited by the size of your dictionary
Point one often depends on the type of account and demographic of user. There are still many people using very easy to guess passwords, so if you have a large enough number of people, you will probably manage to find a match.
Point two gets less of a problem as computing power gets cheaper. Also, some of the more inventive hackers out there are using cloud computing for phenomenal processing speed.
Point three is where this hack comes in. You see, having a large dictionary means you have more chance of getting a 'hit' with a password, and Yahoo's breach just added 500,000 to the pool.
That data will now be being shared across the darker places of the web, being added to the dictionary they already have and being used to attack other networks.
The bigger picture
Essentially, this hack weakens security for all.
Even if you're not a Yahoo user, the networks you currently use could be under attack, and if anyone else uses anything like your password, then your account could be at risk.
The problem is made worse by the fact that many of us re-use passwords. In fact, it's calculated by Cambridge University's Security Group that passwords are re-used 49% of the time, which is an astonishing amount.
What can we do?
Luckily, we've already covered this extensively in another blog, but in brief, here's what you need to do:
• If you're a Yahoo user, change your passwords now!
• Even if you haven't used Yahoo for years, if you tend to re-use passwords, start changing them
• If you've never been a Yahoo user, but you re-use passwords, consider changing them and making them unique for all the sites you visit
Obviously, some sites are more sensitive than others. For example, banks use a number of different methods to protect logins, including using passcards and codes, however other sites aren't so secure.
If you'd like to speak to an expert, give our team a call on 01527 880088 or email firstname.lastname@example.org