Even more bad news about Yahoo


Has the shock and horror over the hacked login credentials of 500 million Yahoo users worn off? Is everyone breathing easier? Passwords changed and dead accounts deleted?

To those who laugh at the whole situation, saying that they never had an account on this site, and to those who wonder how it can be used, here is some news: you may have an account there and not know it.

How is that?

You may have heard of or used Google Apps for Work, a set of tools that includes the email service some companies use for business purposes. Given Google’s ubiquity, you might not know that Yahoo offers a similar service – Aabaco Small Business.

How many companies might have taken up this offer? According to a recent blog post by Graham Cluley, Yahoo is the email provider for over 500,000 domains. Any of them could have been among the targets of the mass data theft (sponsored by some country, according to Yahoo).

As Kurt Baumgartner, chief security researcher for the Global Research and Analysis Team (GReAT) at Kaspersky Lab, said: “This situation is similar to the 2009 Aurora APT incident against Google, which we heard about in 2010. Comparing the two leaks, it’s amazing that it’s 2016 and users are informed years after the leak, and the issue itself was made public by another organization. Such leaks show why all companies need to be cybersecurity leaders using industry best practices and available security technologies.”

What now?

The data leak took place in 2014, and we are only finding out about its scale now. The criminals have therefore had some time to familiarize themselves with the stolen data. The key action now is to change passwords and use Have I Been Pwned? to check current e-mail addresses as well as those that are no longer used. The next step should be to remove accounts that are no longer in use, even if they have not been hacked. Cases such as the Myspace data leak show that criminals are still interested in personal data and login credentials, whether or not you are actively using the site: they know that we humans are lazy and recycle passwords.

Baumgartner also recommends caution to those affected by the leak: “Beware of social engineering on social networks; such actions can now appear like mushrooms after rain. Please be aware that any leakage message sent by Yahoo! will only reach users of that mail service and will not contain clickable links or attachments, and will not ask for personal information.”

As you might guess, this isn’t the last installment in the Yahoo saga. Stay with us and check out Threatpost; we will certainly keep you informed about the future of this case.