In November Yahoo got to the bottom of a major hack that compromised the security of millions of user accounts. They discovered through computer forensics research that one billion accounts were stolen… TWO YEARS PRIOR, in 2013.
What Data Was Hacked?
No bank or payment details were compromised directly, but the breach undoubtedly exposed names, email addresses, birthdays, phone numbers, passwords, and even security questions and their answers.
How Did It Happen?
One single Yahoo employee fell victim to a very simple phishing attack! They clicked one single faked link that let hackers get right into the company’s internal networks.
Scary, isn’t it?
The hackers accessed accounts by forging cookies on the website. “Cookies” are the trackers that allow a site to learn about its visitors and their behavior, and that let visitors navigate to and from the page in the same session without having to re-enter passwords.
Who Dun It?
After over two years of FBI investigation, and over two years after the incident itself, US officials finally uncovered the true scale of this phishing scam’s results. The FBI figured out that Russian cybercriminals were behind the scam. The criminals were actually spies who were hired by the Russian organization responsible for cooperating with America’s FBI on investigations related to cyber hacking.
How Could It Have Been Prevented?
In this case, the answer is painfully simple: Employee security awareness training.
If you’re unsure of whether your employees would withstand an attack that could wreak this sort of havoc on your business, we can conduct a free baseline phishing test to answer that for you! Contact us to get started.