Yahoo: A Breach From The Past

Jan 3, 2017 By Renee W, Young Editor
Renee-Wang's picture

Hacking has been making rounds recently in the news. From the suspected Russian hacking in U.S elections to a major security breach in Yahoo, hacking is a very real threat that affects anyone with an email and a password.

In December, Yahoo announced that personal information from more than a billion accounts had been stolen. The information included security questions, passwords and phone numbers. You will be surprised to find out that the hack had taken place three years ago, in 2013.

While there is no clear and concrete motive, one possible reason is that the hacker wanted to disrupt an emerging business deal between Verizon and Yahoo worth $4.83 billion. The other is a purely self-serving purpose – profit. The stolen information has reportedly been put for sale, and continues to be for sale.

How Hackers Operate

Most hackers are state-sponsored, meaning they are hired by a country's government. Their job would be to spy on other countries, to learn about plans for secret weapons or other classified information. Security firms such as Peter Barbour can recognize such hackers by their distinct methods and clear targets.

Some hackers gather information from social media while others send out carefully crafted emails that might pique the victim’s interest. These are called ‘phishing emails’. Aside from being convincing, these emails are also very tempting to read with messages like "You have received a prize. Go here to claim it" or "Your bank account has been illegally hacked. Log in to change your password."

Once such an email is opened, the hackers will install a Trojan" (named after the famous Trojan horse) on the unsuspecting user's computer. The virus hides behind another program and allows the hacker to access the user's computer and important information stored there. From then on, the hacker can send mails to the employee's contacts and the chain continues.

In yet another scheme called 'pass the hash', the hacker takes control of a server where all information is stored. They then wait for the victim to ‘authenticate’ the corrupted server, and then steal the information. These are the kinds of attacks that companies like Yahoo face.

How To Protect Yourself

To protect yourself, here are some ways to strengthen your own virtual kingdom.

First, make your password hard to crack. As tempting as it may be to use an easy to remember or sentimental password, avoid it. Look online for common passwords as a guideline of what NOT to do. Change your password regularly, do not click on any suspicious emails or ads with catchy titles like "See the trick that made doctors mad!" 

Just a reminder, as young virtual citizens, do not give out any personal information. The Internet is a wonderful resource but it can also be dangerous if you are not careful.