The Yahoo breach is a great example of three or four different Cyber Security issues all linking together to demonstrate the destructive power of today’s cyber-criminals. Rarely now the stereotypical spotty, angry teenager looking for notoriety, cyber-criminals are industrially funded, technologically gifted and in some cases even state-sponsored – cybercrime is big business!

This particular incident is significant because it is the largest known breach of all time; over 500 million accounts were hacked, allegedly resulting in the theft of data such as names, email addresses, telephone numbers, dates of birth and encrypted passwords.

The breach occurred in 2014 but Yahoo decided not to disclose the details to the public at the time, meaning that it essentially went undetected, even by Yahoo’s new owner Verizon, who apparently knew nothing about it! In terms of an “attack chain”, what you have here is the breach of a trusted third party.

All data, when sold on the black market, can easily be turned into high-quality information used by criminal organisations for future Phishing campaigns. Such campaigns can be very convincing if other information complementary to email addresses is available.

Whether through your own bad password management or by being sucker-punched through Phishing, there is renewed opportunity for massive financial gain by the bad guys, thanks in part to Yahoo but also to you, the soft-centred human, the target.

Unfortunately, bad password management is rife because people are inherently lazy, and Phishing attacks are effective because they prey on a person’s curiosity.

The Yahoo breach affects you because it will help create the next wave of cyber attacks that will come down the road. You will have to be ever on your guard to prevent your own or your company’s data from being exposed. If you don’t want to suffer a data breach, don’t be the low-hanging fruit!