Belfast Telegraph

Vigilance warning as Yahoo hackers up the cyber ante

By Margaret Canning

Businesses in Northern Ireland must be extra-vigilant about their cyber-security processes following the hack into internet giant Yahoo, it's been claimed.

Yahoo last week confirmed personal data from 500 million accounts has been stolen in a massive security breach.

It only recently discovered the 2014 break-in as part of an ongoing internal investigation.

The stolen data includes users' names, email addresses, telephone numbers, birth dates, hashed passwords and the security questions - and answers - used to verify an account holder's identity.

David Crozier of the Queen's University Centre for Security Information Technologies (CSIT) said: "People in Northern Ireland who have older legacy BT Yahoo or Sky Yahoo email accounts are likely to have been impacted."

And he warned that more hacks could happen.

"This attack, impacting up to 500 million users, is massive and would be hard to beat," he said.

"Only significant hacks on Google and Facebook would be bigger. Those haven't happened - yet. But 100% security is impossible, so I'd say never say never.

And Conrad Simpson, director at cyber-security advisers Cyphra, said small businesses which used Yahoo emails as a base for company email addresses could also have been hit.

And he warned businesses to be extra-vigilant. One key piece of advice, he said, was to warn employees not to adopt the same password for work emails as those used for their personal emails.

Mr Simpson said that at a recent talk he reminded businesses that a total of 500 million identities had been stolen last year - the number stolen in Yahoo's single episode of theft.

But all individuals who could possibly be affected should carry out checks. "If you have other accounts and have used your Yahoo-related accounts to set passwords, you should go in and change the passwords on those accounts," Mr Simpson said.

The most adept hackers were able to crack "easily guessable" passwords like names. But one method he recommended was to choose the first line of a favourite song and make up a password from the first letter of each word.

Mr Crozier added the hack was likely to cause lasting damage to Yahoo.

"The Yahoo brand has been struggling for some years. This will definitely take further shine off it," he said. Yahoo is in the process of being sold to Verizon for a reported $4.8bn. This may well impact that valuation."

He said companies should ensure staff are trained to secure business systems and networks - and for firms to be prepared to spend as much - if not more - on cyber-security as physical security.

Smaller firms, however, could outsource to cyber security solution providers and consultancies."

Belfast Telegraph