This is the second incident of Yahoo Breach disclosed by outside forensic experts that exposed billion accounts information.
But more distressing is that the breach happened three years ago and still had not been reported by yahoo unitl now. This left wondering a lot of consumers, Why did it took so long to find out that we have been hacked?
The main surprise is that if breach happened in 2013 then why the company have not known about the breach even after 3 years. The Yahoo still has not revealed that how it come to know about the 2013 attack, but after reading the announcement of Yahoo, it seems that its security team may have alerted by outside investigators rather than its inernal experts.
One of Yahoo's chief information security officer, Bob Lord have wrote in his blog that law enforcement had provided us a data files, saying a third party claimed it is Yahoo user data, then we have analyzed this data file with help of outside forensic experts and found that it appears to be Yahoo user data.
In the US each state has its own standards for when and how breaches must be reported, the law for data breaches are complicated in the US. The Congress has not yet come to any conslusion after the long fight over how to make provision more efficient between those laws.
The main sufferer is, who don't have idea that they should be protecting themselves against potential information theft from the hacks.The company have to find out that which type of data has been taken and whether the data theft poses real harm because different types of information requires different disclosures.
This happened at a time when individual states have different guidelines about who, what and when needs to be notified by the company for the data breaches. The companies are wary of notifying customers due to the fear of brand damage or fatigued consumers by breach will ingore important messages.
The repeated data breaches of Yahoo poses big threat for the user who is not really know how to protect themselves from this type of data breaches.
The company not only Yahoo, but all email provider must check their systems regularly for the problems, so that this type of data breaches could be stopped further and if any breach found the company must inform the user for the data breach.
There must be a data breach laws with strong data security standards, so that no one can succeed in data breach. The company should enhance their internal forensic experts so that they can correctly check their system regularly, if they do so the company will not have to find out external external forensic experts.
If the any Yahoo user consider your password have been compromised, they should take all the necessary steps to secure account. All of them must follow Yahoo’s recommendations.
But here are some extra tips that must have in mind :
1. Don’t save emails if you don’t need
2. Check your email forwarding and reply-to settings
3. Two-factor authentication everywhere
4. Never reuse passwords
5. Don't follow phishing emails
But more distressing is that the breach happened three years ago and still had not been reported by yahoo unitl now. This left wondering a lot of consumers, Why did it took so long to find out that we have been hacked?
The main surprise is that if breach happened in 2013 then why the company have not known about the breach even after 3 years. The Yahoo still has not revealed that how it come to know about the 2013 attack, but after reading the announcement of Yahoo, it seems that its security team may have alerted by outside investigators rather than its inernal experts.
One of Yahoo's chief information security officer, Bob Lord have wrote in his blog that law enforcement had provided us a data files, saying a third party claimed it is Yahoo user data, then we have analyzed this data file with help of outside forensic experts and found that it appears to be Yahoo user data.
In the US each state has its own standards for when and how breaches must be reported, the law for data breaches are complicated in the US. The Congress has not yet come to any conslusion after the long fight over how to make provision more efficient between those laws.
The main sufferer is, who don't have idea that they should be protecting themselves against potential information theft from the hacks.The company have to find out that which type of data has been taken and whether the data theft poses real harm because different types of information requires different disclosures.
This happened at a time when individual states have different guidelines about who, what and when needs to be notified by the company for the data breaches. The companies are wary of notifying customers due to the fear of brand damage or fatigued consumers by breach will ingore important messages.
The repeated data breaches of Yahoo poses big threat for the user who is not really know how to protect themselves from this type of data breaches.
The company not only Yahoo, but all email provider must check their systems regularly for the problems, so that this type of data breaches could be stopped further and if any breach found the company must inform the user for the data breach.
There must be a data breach laws with strong data security standards, so that no one can succeed in data breach. The company should enhance their internal forensic experts so that they can correctly check their system regularly, if they do so the company will not have to find out external external forensic experts.
If the any Yahoo user consider your password have been compromised, they should take all the necessary steps to secure account. All of them must follow Yahoo’s recommendations.
But here are some extra tips that must have in mind :
1. Don’t save emails if you don’t need
2. Check your email forwarding and reply-to settings
3. Two-factor authentication everywhere
4. Never reuse passwords
5. Don't follow phishing emails
