{"id":13082,"date":"2016-09-27T08:50:29","date_gmt":"2016-09-27T12:50:29","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=13082"},"modified":"2019-11-15T06:53:11","modified_gmt":"2019-11-15T11:53:11","slug":"yahoo-hack-complexity-growing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/yahoo-hack-complexity-growing\/13082\/","title":{"rendered":"More bad news from Yahoo"},"content":{"rendered":"

Has the shock and awe of Yahoo\u2019s 500 million user credential hack died down yet? Everyone breathing a bit easier? Passwords changed, dead accounts deleted?<\/p>\n

For those of you chuckling and noting, \u201cI never had a Yahoo Account,\u201d or \u201cWho uses Yahoo, anyway?\u201d you may want to look into some of your accounts because you may<\/em> have a Yahoo account and not even know it.<\/p>\n

Wait, what?<\/p>\n

You\u2019ve probably heard of or use Google Apps for Work<\/a>, tools including e-mail that some companies use to run their businesses. What you may not know, given Google\u2019s ubiquitous presence, is that Yahoo offers a similar service<\/a> (called Aabaco Small Business).<\/p>\n

How many companies might that affect? Well, according to a recent blog post<\/a> from Graham Cluley, more than 500,000 domains use Yahoo as their e-mail provider. Any of those domains could be part of the massive theft of data, which Yahoo stated was state sponsored.<\/p>\n

\"screen-shot-2016-09-26-at-1-24-18-pm\"<\/p>\n

According to Kurt Baumgartner, principal security researcher on Kaspersky Lab\u2019s Global Research and Analysis Team (GReAT): \u201cThis situation reminds us of Google\u2019s Aurora APT incident in 2009, announced in 2010. When we compare these two breaches, it is incredible that it\u2019s 2016 and users are being notified years after a major breach, and only after another organization made the issue public. These types of breaches highlight why all companies need to be cybersecurity leaders, implementing industry best practices and available security technologies.\u201d<\/p>\n

So: What can you do?<\/p>\n

The data breach happened in 2014, and we are learning the extent of it only now. Criminals have had some time to pore over this data. Key priorities now are to change passwords and use Have I Been Pwned?<\/a> to check your current e-mail addresses as well ones that you may no longer use or that were from past employers. Then, even if the accounts haven\u2019t been breached, it\u2019s a good idea to delete accounts you no longer use. As we\u2019ve seen with cases such as Myspace\u2019s data breach<\/a>, criminals care about data and login credentials \u2014 it doesn\u2019t matter if you are actively using the site; they know we humans are lazy and reuse passwords.<\/p>\n

\n

#Yahoo<\/a> expected to confirm massive #data<\/a> breach https:\/\/t.co\/hgfblUpiuS<\/a> pic.twitter.com\/2jldXb78GF<\/a><\/p>\n

\u2014 Kaspersky (@kaspersky) September 22, 2016<\/a><\/p><\/blockquote>\n