In September 2016, Yahoo announced a data breach in which 500 million accounts were compromised.
Three months after that, they announced that the figures rose to 1 billion accounts.
On Tuesday this week, Verizon – who acquired Yahoo earlier this year – announced that the breach of 2016 actually compromised triple that number of accounts.
With a whopping 3 billion accounts breached, Yahoo tops the list of the largest ever data breaches.
CEO of RiskVision, Joe Fantuzzi, has named this “the unfortunate poster child for [an] unexamined risk.” Although this breach certainly makes history, it is not because of its rarity.
Fantuzzi points out that Yahoo is “far from the only enterprise that consistently overlooked critical factors in its risk environment,” but what does this mean for the future of online privacy breaches?
Information security professionals predict that this breach will likely call for the renewal of federal data breach notification legislation.
Willy Leichter, Vice President of marketing at Virsec Systems, says “this news will add more fuel to fire for having legal standards on how quickly breach information is revealed and how much detail is required.”
Apart from two Russian spies who are suspected of being responsible for the smaller of the attacks, there have been no leads as to who may be responsible for these breaches.
Leigh Anne Galloway, cyber security resilience lead at Positive Technologies, says that although the breach “may not have included clear text passwords, or ‘valuable’ data such as card details, as we recently saw in the Equifax hack, the accounts are still at risk, and hackers can do a lot of damage with very little information.”
Galloway advises that “changing your passwords is the only way to guarantee your personal information is secure.”