In a company statement Yahoo! stated, “At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products.”
If that is the case, then Yahoo! should explain why it stored user IDs and passwords without encryption and allowed 400,000 user accounts to be stolen, and why these passwords were in the open and not behind a firewall.
As a past CEO and CIO, I am extremely dumbfounded. Companies have security policies that must be followed and normally practice these procedures several times per day. Most companies now have a CSO (Chief Security Officer) and security team in place to ensure this type of blunder is avoided.
User accounts and data should always be encrypted and stored behind a firewall. Protecting user account information is always one of the top three on any security list. How could a company the size and stature of Yahoo! become a victim of such a moronic move? Yahoo! fatally failed!
Yahoo! downplayed the incident by claiming the leaked data was part of Yahoo! Voice services and less than five percent of the data was affected.
As we learn more about this blatant security breach, now is a good time for you to change your passwords. You, as a user, have a responsibility to protect your data as best as you can. This is normally done by ensuring your passwords are strong enough to stand up against hackers.
The top ten passwords and ones you should avoid are:
Password security do’s and don’ts
Use a password if you share a computer with other users. If you don’t, you are risking other people having access to your personal information, deleting files or even using your account to pretend to be you online.
Have different passwords for different things – don’t use the same password for every application or service.
Don’t write your password down – if you can, try to memorize it. If you can’t remember your password and do have to write it down, try to disguise it and leave it in a secure place.
Don’t choose an obvious password – e.g. your name, or a family member’s or pet’s name, your date of birth, telephone number, the current month or ‘password’. It’s very easy for someone to guess all of these.
Don’t keep the same passwords – change them every once in a while and don’t re-use a password for at least a year.