By Kate Higgins
A leading cyber security expert has warned there’s nothing end-users can do about a massive data breach that may have affected more than 1 billion Yahoo accounts.
The beleaguered internet giant says it believes hackers have stolen data from the accounts in a breach dating back to August 2013, believed to be the largest attack on an email provider ever.
It’s not good news for the company, which is the subject of a $4.8 billion takeover bid by communications behemoth Verizon, and was also the target of another breach in 2014 — believed to be separate— which exposed 500 million accounts
Customers have been advised to change their passwords and invalidate their security questions, but cyber security expert Bill Caelli, a Emeritus Professor at the Queensland University of Technology’s Science and Engineering Faculty, says that at the end of the day, those precautions could be of little use.
So are you ready for the bad news?
When it comes to a cyber attack, “there’s nothing the end-user can do,” Professor Caelli says.
“It’s got nothing to do with the end user, mum and dad, the personal user. That’s why it’s very frustrating.”
Yahoo says users’ names, email addresses, phone numbers, birthdays and security questions and answers may all have been accessed by the attackers, but that bank account and payment data should be safe.
Passwords should also be protected by two levels of encryption, the company says.
But Professor Caelli says there’s no real way to know how far hackers have infiltrated a system and that they could stay hidden long after account passwords and security questions had been changed.
“If they penetrate the system, they often leave a time bomb behind … and that can explode whenever they want it to.”
Will everyone leave Yahoo en masse?
Professor Caelli says there is not much data on how consumers behave after a hack.
But, one thing is for sure — it’s not a quick task to migrate an email account.
In addition to changing all of your accounts and subscriptions that may use your email address, you have to wade through correspondence that could date back decades.
“You have to open up [a new email account] … and not close down your Yahoo account and email all your past stuff [to your new account],” Professor Caelli says.
“If you’ve been with Yahoo for the past 10 years, you get the idea.
“[People say] ‘it’s alright, just change over if you don’t like it’ — it’s not that easy.”
Who’s responsible for cyber security?
Professor Caelli believes the responsibility for protecting internet users falls squarely at the feet of regulators.