Photo: All Rights – Javad Rajabzade

(Previously published in AndMagazine, January 14th, 2017)

Yahoo keeps hitting the jackpot, in a bad way. Earlier in December, Yahoo had a BILLION ACCOUNTS hacked. That’s the largest number of reported accounts hacked, EVER! To make it even worse, the second largest hack in history happened in September. Who is the poor fool that holds the #2 position? You guessed it, Yahoo! Now, that just can’t be good for business!

And as it turns out, it’s not. Yahoo! is in the middle of being sold to Verizon, with the price set at $5 billion. That’s an insultingly low figure for an Internet firm. Then again, it’s been a long time since Yahoo! was a technology leader. Verizon thought that for $5 billion, it was buying customers and getting a little technology. Now those customers are changing their passwords, or just changing to other providers.

Repeated breaches have undermined confidence in Yahoo!, and the Verizon deal. Verizon is making sounds that the price tag may need to be… discounted. When one corporation buys another, there is a veil of secrecy that makes any operational details fuzzy. Such as, who knew what about the hack, and when. It doesn’t appear that Verizon knew about the September hack until well after it happened, and the deal to sell was already in play.

Sadly, only part of the problem is Yahoo! If your firm has a well-known name and you are in any way connected to the Internet… you’ve been hacked! Oracle and Steam have been hacked. Citi has been hacked. There are many other firms that may have been hacked, but if it was a smaller attack or if the corporation believes that it was not an effective break in, it may never be publically reported. Of course, if the hacker is more skilled than corporate security, does the corporation they really know what happened?

When a story begins with international hacking, we expect it to end with China. China has been identified as the source of the hacking at the New York Times, the FDIC, and the US Office of Personnel Management. Now, after the 2016 elections, we hear that Russia is also hacking in the US. Is there anyone left who isn’t trying to pry into our passwords?

The worst of it, for many average users, is that even if you don’t use Yahoo!, you should still change your passwords, which you probably keep on the back of an envelope somewhere. How many of you have multiple accounts because you’ve lost your id or password, or maybe you never wrote down the answers to those annoying security questions. It’s not a coincidence that there are now so many tools to store your login info. Half of which just might be fake services trying to steal your passwords!

One thing that we can say is that, at least for now, hacking is evolving faster than security. We can all expect to see more stories on hacking, from Yahoo! and from every other big corporation. Banks and financial firms will have new rules in 2017 and will be required to report more small security hacks than in the past. They will need to issue reports to regulators faster. We will learn about hacks that failed or that perhaps weren’t even true hacks, but were instead just glitch. The more that corporate America reports hacking, the more that regulators will create even more new reporting rules. Expect to hear so many stories about security breaches that we start to go a bit numb!

So, remember to change your passwords, and change them often. In fact, I just got an offer in email for a new tool to manage my passwords. Hey, it will also manage my credit card information! For Free! Gee, I wonder how they can make any money?