“See what these security experts have to say about the Yahoo breach”
But first, some context
In 2013 a hack of the Yahoo network affected all company accounts. The breach was officially disclosed in December of 2016, and Yahoo said the breach affected one billion accounts. While this still led to a huge amount of compromised data, the story would only get worse for the company.
However, now they’re singing a different tune. On Tuesday the firm reported that the data breach was far larger, wherein every single account on their servers had been breached. This is obviously quite a difference, and unprecedented in security failures for firms of yahoo’s size.
Here’s what some security big shots (and 10Fold clients) recently said about the recent Yahoo debacle.
“Back when the breach was first disclosed, we noted that many large enterprises lack the necessary controls to limit unauthorized access. While this remains the case, a breach where virtually all Yahoo users are affected is unprecedented,” said Bitglass CEO Rich Campagna. “It’s difficult to imagine any circumstance in which an organization committed to security could have all network segmentation, policies, and security measures bypassed completely. Even over a prolonged period of time, it is exceedingly difficult to exfiltrate 3 billion records without setting off a single actionable alarm.”
Calling the incident “an epic failure,” Carl Wright, CRO at AttackIQ, called for companies to “seriously, find protection failures before the adversary does.”
Consumers worldwide as well as shareholders “deserve better,” he said. “It is one thing to deploy security controls, it is completely another thing to know that they are working correctly.”
Find more information in: Yahoo Says All 3 Billion Accounts Compromised in Breach
Enjoy your read? Check out our other content here.