Your Online Security After The Yahoo Hack

The data breach at Yahoo has left half a billion people around the world in panic about the safety of their online data. But can consumers, especially in Germany and Europe, do anything to protect themselves from attacks?

Half a billion Yahoo users received a message this week saying that they may have had their personal information stolen, including user names, email addresses, phone numbers, and dates of birth. While the hack may not have affected more sensitive data such as unprotected passwords, credit card data or bank account information, the leaked data could still allow outsiders to access user accounts.

The data hack at Yahoo, reportedly dating back to 2014, is regarded as one of the biggest of its kind to date. Yahoo said that it assumes it to be "state-sponsored," but why details have only now emerged remains unclear.

"An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries," Yahoo said in response to the data breach.

The data breach could also have an impact on the impending sale of Yahoo's core business to US telecom Verizon to the tune of nearly $5 billion (4.3 billion euros), which has been in the making for months.

While the company added that its ongoing investigation had found "no evidence that the state-sponsored actor is currently in Yahoo's network," unsuspecting consumers still feel alarmed and worried about their online data. But can people take precautionary measures to minimize the likelihood of such hacks affecting their lives?

Consumers not at fault

Dirk Hensel from Germany's Federal Commissioner for Data Protection and Freedom of Information (BfDI) underlined that in the case of Yahoo, this was a hack and not any sort of shortcoming on the part of consumers.

"This is a data security issue and not directly a question of data protection. This was a malicious hacker attack, which could generally be prevented by establishing the right security measures, and not by consumers taking any action in their own right on their online accounts," Hensel told DW.

Although data protection and data security are related to each other, the terms refer to distinct consumer protection issues. Data security deals with safeguarding information shared online, while data protection limits the ways in which companies can use your information and are allowed to retain

Yahoo tried its best to control the damage caused, announcing that massive data hacks were becoming increasingly commonplace, while millions of people around the world raced to change their account passwords. However, this course of action may well be useless. Germany's Federal Office for Information Security (BSI) agrees that the Yahoo hack could not have been prevented by consumers shifting their behavior.

BSI press representative Tim Griese did, however, stress the moral responsibility of giant tech firms, pointing out that "millions of consumers had entrusted their data" to the US-based company.

"Consumers have next to no power or protection after they entrust a company with their data if it gets stolen. We summon companies to handle the data that is put in their trust with care, and to make sure their systems are protected," Griese told DW.

Rules and regulations in an age of globalised data

Dirk Hensel added that Germany had no jurisdiction over providers based overseas anyway, drawing the boundary of where consumer protection rights in Germany begin and end.

"Yahoo is a major provider, and therefore will likely ensure that proper security measures are in place simply out of its own self-interest. But, since it is a US-based company, we have no way of knowing what exact security measures they have taken, and whether these are sufficient in our view," Hensel explained, stressing that it was down to the consumer to decide whether they wanted to use US-based services.

"We are certainly working on establishing more transparency with providers based outside of Germany and the EU. There will hopefully be improved frameworks for this in place in the next two years," he added.

The consumer decides

Hensel emphasized that the best thing consumers can do is to always be informed about the products and services they subscribe to online, as more and more providers move to app-based platforms, which often demand even greater control over consumer data.

"With German providers, we get to assess what safety mechanisms they have and whether they are up to scratch. But companies like Yahoo or Google don't fall under German regulation, and so we can't assess them along those same lines," he said.

BSI's Tim Griese added that people should give more thought to whom they may choose to entrust their personal information.

"With regard to passwords, we advise people not to use the same password for different services and also to be more economical with giving out data. Think carefully who you want to share your data with and what data you are willing to share."

Regulations and jurisdictions aside, the question of what rights and protection consumers should be able to rely on remains open, as the world at large is still settling into the digital age.

DW
