YAHOO HACK: Comment from cyber security lead at Mishcon de Reya
For immediate use/distribution
Yahoo has confirmed a large-scale data breach of their systems in 2014, and that the 500 million user records have been lost. Commenting on this data breach, Joe Hancock, Cyber Security Lead at Mishcon de Reya, said:
"This is a huge loss of 500 million records which has gone seemingly undetected for over eighteen months. 200 million records have been offered for sale since August, and may have come from a previous data breach. Attributing this breach to a state actor is unusual, as such a large data set would usually be targeted by criminals. Yahoo has moved quite slowly to confirm the breach and to put protective options in place, although the sheer scale of data lost is hard to comprehend."
"The release is likely to increase the use of the stolen credentials for other online services, or where a similar password has been used. The fact that security questions and answers were lost is also concerning, as they are often common to many services – it's hard to remember to change your mother's maiden name or first pet. There are likely to be more historical breaches coming to light in this manner, although they may not be attached to such a large brand."
"This comes at a difficult time for Yahoo, as it may affect its upcoming sale to Verizon. After the 2013 data breach at Target, legal claims ran to millions of dollars and continued for several years. In the case of TalkTalk, the share price fell by 11.5%, before recovering. Breaches like this hit a business' balance sheet."
For more information/interviews: firstname.lastname@example.org