Yahoo has been making a lot of news lately and not for good reason. Marisa Myers failed attempt to turn the company around which resulted in the sale of the company to Verizon for 4.8 Billion has been placed in jeopardy due to its inability to protect and secure its users data.
In September of this year, Yahoo had announced that information pertaining to 500 Million user e-mail accounts had been stolen dating back to 2014. It had taken them two years to discover and report on this loss,
In the immediate aftermath of this announcement, some US senators demanded to know what was learned of the first breach and called for hearings on the matter. But, as the news faded from the media spotlight, so too did the pressure to understand just what happened, and who knew what information when. Fast forward to December, with Yahoo announcing a second data breach, that eclipses the first breach, both in sheer scale over 1 Billion User Accounts, and elapsed time – the breach occurred in 2013.
Horrifically, it’s been reported that the information collected is being sold to hacker groups within the Dark Web and fetching upwards of $300,000 for the information. The information was turned over to US Authorities by an unnamed third party, which upon further investigation deemed it to be credible and formally notified Yahoo. Unfortunately, the downstream effects of this stolen information will be felt for years as hackers seek to exploit this data for financial gain. Therefore, I would urge every yahoo account holder reading this article to do two things right now: 1. Change your password and security questions. 2. Use multi-factor authentication on every web based account you have – bank, credit card, amazon, etc. Do yourself a huge favor, and do that right now.
Back to the important question, just how was someone able to steal user account information for over 1 billion accounts completely undetected? My guess, without having any inside knowledge is that it has all the markings of exploiting SSH Key Access, which is precisely how Snowden, and later Martin stole troves of data from the NSA and how the Government of North Korea stole every bit of sensitive information they could get their hands on from Sony.
SSH creates and encrypted channel that can’t be monitored. That’s what makes SSH so powerful and effective when used for good. However, if used for bad, all those fantastic capabilities render all your security tools – SIEM, DLP tools, etc. ineffective. Which is why we (as the inventors of SSH) strongly advocate that customers implement stronger controls over the entire SSH lifecycle, and recommend the immediate remediation of any SSH Key Access issues within your own company.
If you’d like to learn more about what can and should be done about SSH in your company, please feel free to contact me – I’m happy to help, or at least point you in the right direction.