Yahoo Hack: Data Encryption Issue

The ongoing case of Yahoo password hack, which nonetheless, is one amongst millions of other password breaches experienced by notable web companies in recent times, has exposed the lackadaisical attitude of some web companies in protecting their users information.

Albeit, Yahoo password hack exploited a vulnerability on the database on its Contributor Network through SQL injection (a basic attack that comprises entering command into the search field of a website to access information stored on the server), the catch remains that such level of sensitive data was not stored cryptographically.

And ironically as it seems, there were no firewalls setup to monitor and detect such malicious activities.

The hackers, despite breaking into the database, would not have been able to make sense of the users information, were it randomly and cryptographically stored.

The security breach has again highlighted how the basic online security best practices have been neglected by leading companies, which follows after more than 5 million passwords were stolen from top networking sites, including Linkedin and eHarmony.

The lapses inevitably means users  log-in credentials, even extensively robust passwords are at risk, and given that some users replicate passwords across several web services portal, its thereby advised to make necessary password changes.
Next Post »