Yahoo breach lessons IT can't ignore


As more details emerge about how a group of four Russians breached Yahoo, it’s increasingly clear that the Internet’s very interconnectedness is what makes us so vulnerable to online attacks. It’s enough to make you want to unplug from the Internet and go back to semaphore and Morse code.

The Justice Department’s indictments against four individuals allegedly responsible for the two attacks against Yahoo in late 2014 and August 2013 contained several bombshells, including the fact that two members of the Russian FSB were involved. Yahoo had previously stated the attackers had stolen names, recovery email addresses, telephone numbers, hashed passwords, and birthdates from more than a billion victims. The indictment claimed the attackers used data gleaned from the stolen cache to carry out secondary attacks against a smaller, targeted set of victims.

Secondary attacks refer to using information obtained in one incident to launch attacks against a different target. The most common example to date has been trying the passwords obtained in one breach against other sites to see if they work.

With password reuse so common, these attempts are often successful, such as the recent incident where credentials stolen from LinkedIn were used to access . This is why after every data breach, users are encouraged to change their passwords on other sites, especially if the stolen password had been reused elsewhere.