Earlier this week, Brian Krebs posted a story about another hack affecting Yahoo users. Last time it was 500 million users, this time Yahoo believes that 1 billion users were affected. On top of that, the attack happened in 2013 and the security team still has not determined where access was gained.
It is scary to think that many attacks go unnoticed for so long. If it took Yahoo three years to determine they were hacked, how long will it take a small enterprise? When I wrote about small businesses last week I mentioned that they would be wise to consolidate their security platforms. I still believe that is true, but my concern now shifts to the third parties these small businesses are using.
Small businesses should be careful with where they store customer data. How many small businesses are using a Yahoo account somewhere on their network? If they were using a Yahoo account to conduct business, it is safe to assume that the attack reaches farther than Yahoo’s user base. Customer information for many businesses could be exposed because of this breach.
Yahoo and other companies who offer free services must put security first. Security should be a part of every conversation and brought in early. If the security team was established early on, perhaps this could have been avoided.