Yes we know yahoo had millions of email addresses hacked or rather the email address password database was stolen by an ingenious hacker.
Also according to this story(TechCrunch) the full disclosure over several years is 1 Billion email addresses and passwords were stolen
Updated 3/14 later in day: also keep in mind if you have an ATT email account that is tied into Yahoo due to a connection the two companies made – aand that includes Verizon. CNET news story “Yahoo hack: It’s not just verizon. AT&T should be worried too”
So we know of about a million email addresses being sold on the Dark Web, and this is just the first 100k being sold on a dark web interface:
Image from hackread.com
In this ad for 10.75$ you can obtain 100k email addresses and the decrypted password.
So your Yahoo email and password is in many places now, Where did you use the Yahoo email to login? Banks, credit card.
The hackers are not just buying emails and passwords to check your email. First they will check your email and then see what bank and other accounts they can take over.
Or they can use this information to create more focused phishing campaigns. I.e. the information in emails within all the yahoo emails can be used to create targeted phishing campaigns (also called spear phishing)
So what should you do?
Get rid of your Yahoo email address ASAP, should you require all employees to remove any vestiges of Yahoo emails in their lives?
How can you make this claim? Because the longer they keep the Yahoo email account the more likely the criminal hacker will access the email account and steal information to phish more effectively, especially into a company account.
Have you ever sent something from work email to the Yahoo email? If this is a Yes now the hacker knows your work email. and can create highly sophisticated phishing attacks with malware that may have an adverse affect on your company.
So owning a personal Yahoo Account may enable criminal hackers to get access to your company in the months ahead as the criminals are just now digesting how the new information and are setting their attack plans in place.
Remember this OODA Loop image.. from my post a few days ago(Feb 28 Post “What Cybersecurity Methods to Use”).
Right now both the criminals(Attackers in red) and you have been given information what is more likely the attacker will Observe, Orient, Decide and Act first or you will process the OODA loop and ultimately ACT!
In the past it has been the aggressive criminals making moves and getting the into company networks.
What will be your move?
Contact Us to discuss.