Introduction
The Yahoo data breaches of 2013 and 2014 rank among the largest in the history of computing. Yahoo’s website suffered a data breach in 2013 in which an attack targeted over 500,000 accounts. The hackers used a spear-phishing scheme to gain access to the company’s database, which was made possible by the poor security practices the company employed. The 2014 Yahoo data breach was the work of state-sponsored actors. That compromise exposed the email addresses, real names, telephone numbers, and dates of birth of over 500 million Yahoo users, and it emerged as the largest data breach in history. Yahoo was required to put measures in place to prevent any future recurrence of this problem. In this research paper, I discuss the reaction and the measures Yahoo took in response to the hacking.
Case Description
Yahoo is an internet service firm that was subjected to the biggest data breach in history. Over a long history, the firm has experienced both intrusions in which attackers broke into Yahoo’s systems without taking anything and outright data breaches. The two main breaches of the company’s user account data that were disclosed happened in 2013 and 2014. The company believed that state-sponsored hackers committed these attacks.
The case considers the Yahoo data breaches, and the information stolen in them, that took place from 2013 to 2014. Yahoo’s 2013 breach was made worse by the company’s poor security practices. The attack targeted over half a million accounts, from which hackers made off with Yahoo users’ personal information.
However, the 2013 breach was later found to have affected three billion accounts, triple Yahoo’s earlier estimate and the biggest data breach in history (Stempel & Finkle, 2017). Russian agents hired two hackers to access the company’s user database along with the software that operated it. The hackers gained access to Yahoo’s network through a spear-phishing strategy: they got an employee with network access to click on a malicious link, which let them reach Yahoo’s database (Matthews, 2019). In doing so, the hackers seized information that could have given them access to users’ email accounts and calendars.
In 2014, hackers launched another attack that directly targeted the company’s user database. This attack affected close to 500,000 million Yahoo users. The hackers obtained account information such as users’ email addresses, names, phone numbers, passwords, and dates of birth (Perlroth, 2017). In early 2014, the attack began with a spear-phishing email sent to a Yahoo employee. It is unclear how many workers were targeted or how many emails were sent. Nevertheless, it only takes one employee clicking a malicious link for such an attack to succeed. Using the spear-phishing scheme, the hackers sent Yahoo employees disguised emails containing a malicious link that gave them access to Yahoo’s network. The hack was state-sponsored, involving a Canadian hacker working with rogue Russian FSB officers, and its aim was access to the company network and potentially to the private information and email messages of more than 1.5 billion Yahoo users (Sjouwerman, 2022). It is one of the largest data breaches ever to happen to a company.
Case Analysis
Analysis of Vulnerabilities Exploited
This cyber-attack took the form of identity theft and was not discovered early enough. Action was taken only two months after the hack, when a user of the Yahoo Mail product reported that some of the information he had saved in the email cloud was missing. After Yahoo followed the trail of the client’s complaint, it was discovered that the entire organization had in fact been hacked (Matthews, 2019). The vulnerabilities that led to the hacking of Yahoo user accounts included the following:
Human error
The hack started with a phishing email sent to an employee. Remarkably, Yahoo had not adequately prepared its workers through security awareness training to prevent failures like this. Yahoo’s poor security practices allowed these data breaches to happen, exposing the majority of its users to hackers. Most Yahoo employees were unaware of the security measures they needed to take while online (Perlroth, 2017). Hence, many of them clicked on the malicious links sent to their email, and the attack succeeded.
Neglect by Management
Yahoo’s management failed to put better security practices in place for the company’s employees and for other personnel accessing its systems. Management also failed to properly examine the 2014 breach and made no attempt to reveal it to investors, despite having been informed of the breach within days of its disclosure. When the company realized that its accounts had been hacked, management kept this a secret and decided not to disclose the breach to the public (McAndrew, 2021). The relevant legal staff and management were aware that a state-sponsored actor had accessed some user accounts by exploiting the company’s account management tool.
Technological Failure
The Yahoo cyber security problems in this case extended from 2013 to 2014. Yahoo uses cookies to give its users quick access to their accounts without having to re-enter their username and password each time they log in to Yahoo’s site. It is believed that the attackers gained access to the proprietary code and were therefore able to forge cookies (Redfern, 2021). The forged cookies allowed the hackers to log in to users’ accounts without a password.
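To show why a cookie that is not tied to the server can stand in for a password, here is an added illustration (not Yahoo’s code; the cookie format, field names and server key are all constructed for the example). The weak version trusts whatever the cookie says; the hardened version binds the payload to a server-held key with an HMAC and an expiry, so a cookie cannot be minted or altered without that key.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed server-side secret for the example; in production it comes from a secrets store.
SERVER_KEY = b"example-server-key-do-not-reuse"


def weak_cookie(username: str) -> str:
    """Unsigned cookie: the value is just the username, base64-encoded.
    Anyone who knows the format can mint one for any account."""
    return base64.urlsafe_b64encode(username.encode()).decode()


def weak_login(cookie: str) -> Optional[str]:
    """Trusts whatever the cookie says; nothing ties it to a real login."""
    try:
        return base64.urlsafe_b64decode(cookie.encode()).decode()
    except Exception:
        return None


def signed_cookie(username: str, expires: int) -> str:
    """Hardened cookie: JSON payload plus HMAC-SHA256 over it under the server key."""
    payload = base64.urlsafe_b64encode(
        json.dumps({"u": username, "exp": expires}).encode()).decode()
    mac = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def signed_login(cookie: str, now: int) -> Optional[str]:
    """Accepts the cookie only if the MAC verifies and the cookie has not expired."""
    try:
        payload, mac = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    try:
        data = json.loads(base64.urlsafe_b64decode(payload.encode()))
    except Exception:
        return None
    if data.get("exp", 0) < now:
        return None
    return data.get("u")
```

Note that the signed cookie still needs a strong, secret key: if the proprietary code and key leak, as the case describes, the server must rotate the key and invalidate every cookie issued under the old one.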
Analysis of the Threat Agents and Attack Vectors
Yahoo’s data breach affected close to three billion user accounts. The breach was made worse by the company’s poor security practices. Hackers gained access to Yahoo’s systems using a single spear-phishing campaign: a company employee with network access clicked on a malicious link, which allowed the attacker to reach all of the data. Because this data was not stored in encrypted form, the hackers could read all of the company’s users’ sensitive information. The stolen data came from users’ email accounts and included dates of birth, email addresses, and passwords; both unencrypted and encrypted security questions and answers were extracted (Redfern, 2021). This data appears harmless enough on its own; however, how can it be used against users?
One issue is that security questions and answers have been called the weak link in users’ digital defenses. Because most accounts ask similar questions, an attacker can use the information gathered from a cyber-attack such as the ones on Yahoo to carry out credential stuffing, also referred to as automated attacks. Hackers take the stolen information and build a program (Ali, 2019) that attempts to log in to other online accounts holding more critical information, such as online shopping and banking accounts.
The same applies to collected passwords, since most internet users reuse one password across all their internet accounts to avoid remembering many of them. Unfortunately, when attackers breach one site or system, as in the case of Yahoo, all of those users’ other accounts are compromised as well. Hackers can also use this information to trick users into disclosing further personal information, such as PIN numbers, through phishing schemes (Ali, 2019). This is typically done by phone or by email: scammers have enough information about users to convince them that they are speaking with their bank representatives. On the pretext of checking account details, people unwittingly disclose those details over the phone or by email to an imposter. With this data, hackers can access users’ bank accounts and use their credit cards. Credential sharing between user accounts and the failure to use multi-factor authentication make these compromises easy to carry out (McAndrew, 2021). Hence, users’ credentials remain attacker gold, providing persistent, unauthorized access to the online accounts of targeted victims.
Analysis Of the Management Response
Yahoo management began sending emails to the users of affected accounts, notifying them so as to mitigate the effect of the attack. In addition, the company investigated to confirm that information from users’ credit accounts was not part of the stolen data. Coordination with the relevant law enforcement agencies was another response that served to limit the impact of the attack. The firm prompted the victims of the 2013 and 2014 breaches to change their account passwords so that hackers could not use them. Senior management was aware that these breaches were the work of state-sponsored actors but decided not to disclose them (McAndrew, 2021). The company also addressed security questions and answers to reduce the chance that hacked accounts could be used.
Moreover, members of Yahoo’s legal staff and senior management received several internal reports from the company’s CISO (Chief Information Security Officer) stating that the theft of millions of Yahoo users’ personal information had taken place. The company’s internal security team was subsequently aware that the same attackers were persistently targeting Yahoo’s user database throughout 2013 and early 2014. They also received reports that the user credentials were for sale on the dark web. The new Yahoo CISO concluded that the company’s entire database of users’ personal data had been stolen by state-sponsored hackers and might be exposed on the dark web (Redfern, 2021). Nevertheless, senior management failed to inform the investing public or Verizon.
Recommendations
Improving Security Measures
Yahoo should have activated two-factor validation after the user accounts were attacked. With two-factor validation, a one-time security code is sent by text to the account user’s cell phone, or generated by an application, whenever someone attempts to log in with the password. Without this code, access to the account is denied. This form of validation adds a layer of security and makes it difficult for attackers to use account details even if they obtain the account passwords. This aspect reminds students of the different approaches to ensuring data security learned in the course (Redfern, 2021). Users may also choose passwords that are difficult to crack and build them from information in their accounts, such as initials or images.
Furthermore, following the cyber attacks, the company should invalidate the forged cookies used in the breach so that they cannot be used again. Unencrypted security questions and answers should not be used to access email accounts. Yahoo also needs to be more proactive in carrying out cyber security measures. Hacking nowadays is the price companies pay for using the internet; there are always people who want to pit their wits against companies’ security systems or sites, whether for economic gain or not (Sjouwerman, 2022). In this case, the company failed to guard its account users against attackers.
Yahoo is a big data firm and should have anticipated the various types of data breaches that hackers might use to sabotage its operations. Instead, it is noted that the equipment responsible for controlling traffic in the company’s network had been off for over a year. Yahoo was using the Message Digest (MD5) algorithm, which was discovered to have numerous cyber security weaknesses. It is also noted that the equipment Yahoo used was a substandard tool for guaranteeing its data security (Redfern, 2021). A firm that individuals entrust with their critical data needs to make data safety its utmost priority, and the company should continually enhance the systems that prevent and detect unauthorized access.
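To make the MD5 weakness concrete, here is an added example (not Yahoo’s code; the user table is constructed and the assumption that the MD5 hashes were unsalted is the example’s, not the page’s). An unsalted fast hash lets anyone holding a leaked table see which users share a password and check guesses at hardware speed; the hardened store uses a random per-user salt and a deliberately slow key derivation (PBKDF2-HMAC-SHA256 from the standard library), so each guess costs real work and identical passwords no longer look alike.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional


def md5_store(password: str) -> str:
    """What a plain MD5 password store does: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def shared_password_groups(md5_table: Dict[str, str]) -> Dict[str, List[str]]:
    """Unsalted hashes leak structure: users with the same password get the same
    digest, so a leaked table exposes them before a single guess is tried."""
    groups: Dict[str, List[str]] = {}
    for user, digest in md5_table.items():
        groups.setdefault(digest, []).append(user)
    return {d: users for d, users in groups.items() if len(users) > 1}


def pbkdf2_store(password: str, salt: Optional[bytes] = None,
                 rounds: int = 200_000) -> str:
    """Hardened store: 16-byte random salt + slow PBKDF2-HMAC-SHA256,
    encoded as 'pbkdf2_sha256$rounds$salt_hex$dk_hex' (constructed format)."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time."""
    _, rounds, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)


# Constructed sample table: two users happen to share a password.
LEAKED_MD5_TABLE = {
    "alice": md5_store("password1"),
    "bob": md5_store("password1"),
    "carol": md5_store("correct horse battery"),
}
```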
Improving Management
Yahoo could have found ways of protecting its workers from manipulation by hackers. The use of company-issued devices would have shielded Yahoo’s servers from the 2013 and 2014 attacks. Before these hacks, the firm should have prompted Yahoo account users to change their passwords more frequently (Stempel & Finkle, 2017). Yahoo could have achieved this by encouraging users to adopt password managers, which help them change their account passwords regularly without having to remember them.
Further, when the company discovered that its user accounts had been attacked, it would have been better to share the information, yet it kept the breach a secret. The decision to hide the news raised suspicions that the company itself had played a part in the breaches. Yahoo’s top managers were aware of the breaches before they were revealed. The failure of the company’s top managers demonstrates why the board of directors should play a significant role in proactive cyber security and in overseeing the response to any major cyber event (McAndrew, 2021). The board should check top management when it makes the wrong call on cyber-incident disclosure.
Senior management should become competent in handling the crisis of a cyber event response. Lawyers should play a major role in the response to and investigation of cyber events, as their jobs can depend on it. Organizations ought to hire in-house lawyers with expertise and actual experience in cyber event investigations and cyber security. Disclosing the data breaches might also have given management the confidence to repair the damage and restore consumers’ trust (Ali, 2019). The company should have commenced a legal investigation immediately, because it suspected the attack was state-sponsored hacking.
Conclusion
The Yahoo data breaches of 2013 and 2014 remind me of data mining, in which large company databases are examined to produce new information. After the breaches, Yahoo had to examine its databases and adopt safety measures to guarantee that such a fault would never be repeated. This could have repaired the damage and restored clients’ trust in its services and products. The use of two-factor validation, disclosure of cyber incidents by top management, and installation of firewalls to prevent hacking will help to curb identity theft in the company.
References
Ali, B. (2019). Yahoo reveals new details about security. The Hill.
Matthews, K. (2019). Incident of the week: Multiple Yahoo data breaches across 4 years result in a $117.5 million settlement. Cyber Security Hub.
McAndrew, E. J. (2021). The hacked & the hacker-for-Hire: Lessons from the Yahoo data breaches (So far). The National Law Review.
Perlroth, N. (2017). Yahoo says hackers stole data on 500 million users in 2014. The New York Times.
Redfern, E. (2021). The Yahoo cyber attack & what should you learn from it? Cashfloat.
Sjouwerman, S. (2022). A single spear phishing click caused the Yahoo data breach. KnowBe4 Security Awareness Training Blog.
Stempel, J., & Finkle, J. (2017). Yahoo says all three billion accounts hacked in 2013 data theft. U.S.