Abstract:
Yahoo was breached multiple times, resulting in a billion Yahoo accounts being compromised. The breaches exposed users' personal data, including email addresses, phone numbers, birthdays, hashed passwords, and security questions. Luckily, Yahoo kept financial information in other systems that were isolated and untouched by the breaches. Jeremiah Grossman, a former information security officer at Yahoo, mentioned that there is a lot of confusion and not a lot of support for the security team at Yahoo. Additionally, while the stolen passwords were hashed rather than saved in plain text, Yahoo was relying on an out-of-date hashing algorithm known as MD5. This hash has several vulnerabilities, the simplest being that one can search for the hashed password on Google and receive the plaintext in the search results. My biggest takeaway from this article is that companies need to plan and invest more in cybersecurity, or more regulation is needed to ensure that best practices are being followed.
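The MD5 weakness described above, shown beside a hardened alternative, as an added example that is not from the article. It assumes unsalted MD5 (the summary does not say whether Yahoo salted its hashes); the password list, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny precomputed table standing in for the
# public hash-lookup pages that search engines index.
COMMON_PASSWORDS = ["123456", "password", "qwerty"]
LOOKUP = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def md5_hash(password):
    """Weak form: fast and unsalted, so equal passwords give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()


def lookup_md5(digest):
    """Return the plaintext if the digest is in the precomputed table."""
    return LOOKUP.get(digest)


def hash_password(password, salt=None):
    """Hardened form: per-user random salt plus a deliberately slow KDF."""
    salt = salt or os.urandom(16)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return salt, derived


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, derived = hash_password(password, salt)
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    # Two users with the same password: one MD5 digest, one table hit.
    digest = md5_hash("password")
    print("MD5 digest:", digest, "-> lookup:", lookup_md5(digest))

    # Same password under salted PBKDF2: different stored values per user.
    salt_a, hash_a = hash_password("password")
    salt_b, hash_b = hash_password("password")
    print("salted hashes differ:", hash_a != hash_b)
    print("verifies:", verify_password("password", salt_a, hash_a))
```

Because every stored value depends on a random per-user salt, a single precomputed table no longer covers all accounts, and the slow key derivation raises the cost of each guess.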