Towards the end of September, there was news that Yahoo! had a massive security breach. 500 million accounts of Yahoo users were compromised. Like always, I was hoping, I was not among the ones breached. Unfortunately, that ain't true. I got this message in my Yahoo! mailbox recently:
It further reads below:
Getting my password stolen is the least of my worries. Passwords are easy to change. And as long as you don't use your same password for different accounts, that piece of information is not much of use for the hackers (unless they physically logged into my account).
What really scares me is this - there is a database of 500 million people out there which contains our - Secret questions, Birth-dates, Telephone nos, and full legal names. That information is just enough to impersonate as me in this online world and then wreak havoc with my life. The hard part of this information is - I can't change my birth-date, my secrets and compromising this is pretty much something that can't be ever undone. The full impact of this hack will not be realized soon enough. And random identity thefts somewhere in the future will be linked to this hack.
I am assuming this is just the beginning of more ominous attacks bound to happen going forward on the internet (state-sponsored actors or not - doesn't matter!). Further investigation reveals that this might not be even the work of a state sponsored actor, and the database has already been put on sale for other people to have access to.
It's time companies are made liable for securing the information about the users that they possess. And if you can't protect it, then don't store it.
It further reads below:
Getting my password stolen is the least of my worries. Passwords are easy to change. And as long as you don't use your same password for different accounts, that piece of information is not much of use for the hackers (unless they physically logged into my account).
What really scares me is this - there is a database of 500 million people out there which contains our - Secret questions, Birth-dates, Telephone nos, and full legal names. That information is just enough to impersonate as me in this online world and then wreak havoc with my life. The hard part of this information is - I can't change my birth-date, my secrets and compromising this is pretty much something that can't be ever undone. The full impact of this hack will not be realized soon enough. And random identity thefts somewhere in the future will be linked to this hack.
I am assuming this is just the beginning of more ominous attacks bound to happen going forward on the internet (state-sponsored actors or not - doesn't matter!). Further investigation reveals that this might not be even the work of a state sponsored actor, and the database has already been put on sale for other people to have access to.
It's time companies are made liable for securing the information about the users that they possess. And if you can't protect it, then don't store it.
No comments:
Post a Comment