Half of these people were affected by the Equifax data breach, and even more so by other recent breaches

Yahoo, Deloitte and Equifax: New Developments in the Old Stories

Cybersecurity breaches are getting so common that you start to get numb. But it’s a must to keep up with the older stories and see how they unfold. After all, this is how a precedent is formed in a legal sense, and a lesson is learned on a personal level.

Today I wanted to talk about the aftermath of the data breaches in Yahoo, Deloitte, and Equifax. What’s the current status?

Yahoo leak affects 3 billion users after all

In 2013 Yahoo announced that it had been hacked and that the private data of around a billion users was leaked. In 2017 Verizon closed its acquisition of Yahoo and made it public that the announcement, made 4 years ago, might not have been absolutely true.

Today it’s clear that data from all 3 billion user accounts was leaked, including names, addresses, phone numbers, password hashes etc. Yahoo was being made fun of in the forums, with users stating that they were using their Yahoo accounts only for spam emails and that it is no big deal if some hackers saw the huge amount of online gaming news.

If you had a Yahoo account, there are a few things to consider:

  • If you created your Yahoo account before August 2013, think about credential stuffing. If you still use the same password as on your Yahoo account from 2013, you must change it. Don’t reuse it on other platforms.
  • If you created your Yahoo account after August 2013, there is a big chance that your credentials are safe. However, bearing in mind the non-disclosed details about this breach, one might not be so sure anymore. For the sake of protection, practice proper password hygiene and change passwords (or enable 2FA where it is possible) periodically.

Read more about proper password hygiene here.

Deloitte takes the heat for exposing private data from businesses

There are still lots of unknown variables in this equation; however, one more giant company has been hit by a cyber attack. According to The Guardian, Deloitte, one of the four biggest accountancy firms and one of the largest US private firms, has been experiencing cybersecurity attacks for months.

Apart from tax consultancy and other areas of interest, Deloitte was also covering high-end cybersecurity consulting. It could mean that the attack has not been a “low-level intrusion.”

It seems that only after these events (sources show that the attack might have started in November 2016) was two-factor authentication introduced as one of the security measures in the company. By abusing an administrator’s account (or elevating privileges), intruders managed to get access to clients’ emails, some of them with highly sensitive details. And even more sensitive data could’ve been exposed: business information, usernames, passwords, workers’ health records etc.

Since March 2017, Deloitte has been investigating the breach, which could’ve led to 5 million emails being exposed. While we are still waiting for more details about this, one thing is for sure: it’s a huge blow to Deloitte’s reputation.

Equifax breach just keeps on rolling

The breach shook up the entire country: half of the American adult population was affected. Right now we know that Equifax cannot do proper cybersecurity AND count: they announced that 2.5 million more people were possibly in danger of identity theft than officially announced.

What else? Well, wreaking havoc on half of a country apparently can work out well. It’s quite possible that the company can expect to get additional revenue from people opting in to the credit monitoring service that’s supposed to protect those who got their data stolen.

Of course, that’s not the only questionable thing that happened after the breach. For instance, the IRS gave Equifax a 7.25 million contract. And by “gave” I mean exactly that – Equifax was the sole bidder. Talk about having a pie and eating it too.

I cannot even start talking about the ex-CEO blaming a single person for not patching properly. Cybersecurity must be a company-wide system, complete with the education of all employees and a team effort. It cannot be implemented if it is discussed once a quarter or if your admin passwords are “admin, admin”.

How could this and other similar hacks be avoided?

Next week we will share an article about key cybersecurity practices for businesses.

Stay tuned and stay safe!
