Your Online Security After The Yahoo Hack

Uploaded on 2016-10-03 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The data breach at Yahoo has left half a billion people around the world in panic about the safety of their online data. But can consumers, especially in Germany and Europe, do anything protect themselves from attacks?

Half a billion Yahoo users received a message this week saying that they may have had their personal information stolen, including user names, email addresses, phone numbers, and dates of birth. While the hack may not have affected more sensitive data such as unprotected passwords, credit card data or bank account information, the leaked data could still allow outsiders to access user accounts.

The data hack at Yahoo, reportedly dating back to 2014, is regarded as one of the biggest of its kind to date. Yahoo said that it assumes it to be "state-sponsored," but why details have only now emerged remains unclear.

"An increasingly connected world has come with increasingly sophisticated threats. Industry, government and users are constantly in the crosshairs of adversaries," Yahoo said in response to the data breach.

The data breach could also have an impact on the impending sale of Yahoo's core business to US telecom Verizon to the tune of nearly $5 billion (4.3 billion euros), which has been in the making for months.

While the company added that its ongoing investigation had found "no evidence that the state-sponsored actor is currently in Yahoo's network," unassuming consumers still feel alarmed and worried about their online data. But can people take precautionary measures to minimize the likelihood of such hacks affecting their lives?

Consumers not at fault

Dirk Hensel from Germany's Federal Commissioner for Data Protection (BfDI) and Freedom of Information underlined that in the case of Yahoo, this was a hack and not any sort of shortcoming on the part of consumers. 

"This is a data security issue and not directly a question of data protection. This was a malicious hacker attack, which could generally be prevented by establishing the right security measures, and not by consumers taking any action in their own right on their online accounts," Hensel told DW.

Although data protection and data security are related to each other, the terms refer to distinct consumer protection issues. Data security deals with safeguarding information shared online, while data protection limits the ways in which companies can use your information and are allowed to retain

Yahoo tried its best to control the damage caused, announcing that massive data hacks were becoming increasingly commonplace, while millions of people around the world raced to change their account passwords. However, this course of action may likely be useless. Germany's Federal Office for Information Security (BSI) agrees that the Yahoo hack could not have been prevented by consumers shifting their behavior.

BSI press representative Tim Griese did, however, stressed the moral responsibility of giant tech firms, pointing out that "millions of consumers had entrusted their data" to the US-based company.

"Consumers have next to no power or protection after they entrust a company with their data if it gets stolen. We summon companies to handle the data that is put in their trust with care, and to make sure their systems are protected," Griese told DW.

Rules and regulations in an age of globalised data

Dirk Hensel added that Germany had no jurisdiction over providers based overseas anyway, drawing the boundary of where consumer protection rights in Germany begin and end.

"Yahoo is a major provider, and therefore will likely ensure that proper security measures are in place simply out of its own self-interest. But, since it is a US-based company, we have no way of knowing what exact security measures they have taken, and whether these are sufficient in our view," Hensel explained, stressing that it was down to the consumer to decide whether they wanted to use US-based services.

"We are certainly working on establishing more transparency with providers based outside of Germany and the EU. There will hopefully be improved frameworks for this in place in the next two years," he added.

The consumer decides

Hensel emphasized that the best thing consumers can do is to always be informed about the products and services they subscribe to online, as more and more providers move to app-based platforms, which often demand even greater control over consumer data.

"With German providers, we get to assess what safety mechanisms they have and whether they are up to scratch. But companies like Yahoo or Google don't fall under German regulation, and so we can't assess them along those same lines," he said.

BSI's Tim Griese added that people should give more thought to whom they may choose to entrust their personal information.

"With regard to passwords, we advise people not to use the same password for different services and also to be more economical with giving out data. Think carefully who you want to share your data with and what data you are willing to share."

Regulations and jurisdictions aside, the question of what rights and protection consumers should be able to rely on remains open, as the world at large is still settling into the digital age.

DW

« New University Graduate Course: Cyber Anti-Terrorism
AI Will Transform Microsoft »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Feedzai

Feedzai

Feedzai provide software that uses big data analysis and machine-based learning to prevent fraud in ecommerce.

vArmour

vArmour

vArmour is the industry’s first distributed security system that provides insight and control for multi-cloud environments.

Cato Networks

Cato Networks

Cato connects your branch locations, physical and cloud datacenters, and mobile users into a secure and optimized global network in the cloud.

National Authority Against Electronic Attacks (NAAEA) - Greece

National Authority Against Electronic Attacks (NAAEA) - Greece

The National Authority Against Electronic Attacks (NAAEA) is the national computer emergency response team of Greece.

Samsung Knox

Samsung Knox

Samsung Knox brings multi-layered defence-grade security to your business’s smartphones and tablets.

Buglab

Buglab

The Buglab contest and Vigilante Protocol help companies all over the world to discover and fix vulnerabilities on their digital solutions or assets.

White Cloud Security

White Cloud Security

White Cloud is a cloud-based Application Trust-Listing security service that prevents unauthorized programs from running on your computers.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

Corona IT Solutions

Corona IT Solutions

At Corona IT Solutions, our team of specialists in networking, wireless and VoIP are dedicated to providing proactive monitoring and management of your IT systems.

Silverse

Silverse

At Silverse, we specialize in building a comprehensive cybersecurity journey, anchored by our extensive experience, industry expertise, and an ecosystem of trusted partners.

Hive

Hive

Hive is a leading provider of cloud-based AI solutions to understand, search, and generate content, and is trusted by hundreds of the world's largest and most innovative organizations.

Silobreaker

Silobreaker

Silobreaker is a SaaS platform that enables threat intelligence teams to produce high-quality and relevant intelligence at a faster pace.

Black Belt Secure

Black Belt Secure

We provide critical cybersecurity services such as managed security, ransomware mitigation, penetration testing, system auditing and compliance services to your organization.

Cloudsmith

Cloudsmith

Cloudsmith is the only cloud-native, global, universal artifact management platform for securely developing and distributing software.

Replica

Replica

Replica creates authentic virtual environments that ensure identities and assets are always protected no matter where or what work needs to get done.

Tundra Managed Solutions

Tundra Managed Solutions

Tundra Managed Solutions is a comprehensive IT services division offering a wide range of managed solutions designed to meet the diverse needs of businesses.