Yahoo's 3 billion breached accounts are a boon to identity thieves

Yahoo's 3 billion breached accounts are a boon to identity thieves
© Getty Images

Calling the exposure of a whopping three billion Yahoo accounts a mere "hack" undermines the magnitude of the breach, and it does a disservice to the sheer damage that has occurred and could still come from what is a truly monumental cybersecurity failure. 

Yahoo wasn't just hacked back in 2013 — the company's three` billion user accounts were completely exposed, resulting in a massive treasure trove for criminals, looking to profit from the sensitive information.

Information stolen in the Yahoo incident included personally identifying information such as email addresses, birthdates, telephone numbers, passwords and more. 

ADVERTISEMENT
Much of that information is used to identify customers online. And given common unsafe password practices, it means ripple effects with even more compromised accounts and exposed personal data could continue.

 

To put the sheer scale of the breach in perspective, if all three billion Yahoo accounts were unique individuals, it would represent 40 percent of the world's population.

Of course, it's likely that many users had multiple accounts with Yahoo. Even still, every single one of those accounts had their passwords and personal information exposed. No Yahoo customer was safe.

What's worse, while the hack occurred in 2013, but wasn't disclosed until December of 2016, meaning potentially billions of individuals were vulnerable without their knowledge. 

Even the scope of it wasn't fully understood until this week, when Yahoo's new parent corporation Verizon revealed that all accounts owned by the internet giant were affected.

Yahoo's security failure is just the latest in a string of unprecedented data breaches, including recent incidents at Equifax and Deloitte.

But the Yahoo breach is unique because it is a global incident that potentially affects a majority of users within the connected world. At one point, almost everyone on the internet had a Yahoo account. 

The "hack" once again spotlights the need for better identification methods and security practices, particularly for companies that handle online transactions and sensitive data.

As these security failures continue to mount, cybercriminals will cross-reference growing, extensive databases of stolen information to target victims and successfully take advantage of them. Theft, fraud, phishing and more are all likely to grow as bad actors become more knowledgeable and powerful.

In response, individuals can be more protective of the kinds of information they are willing to share online and with corporations. Does Facebook really need to know every town you have lived in? Users should also begin adopting better password practices to ensure that one account breach does not potentially endanger their entire online presence. 

Consumers need to fight back, but they're going to need help somewhere along the way. 

Businesses also need to invest in security in a meaningful way to prevent attacks, while also investigating new and alternative ways of identifying customers. 

It's clear that the current systems of identity — email addresses, credit cards, and Social Security numbers — are failing us. This year alone there have been more than 20 high-profile breaches. 

These unprecedented failures are the wake-up call the world desperately needed. How we respond will help decide just how much precedent the next "hack" will carry. 

Travis Jarae is the founder and CEO of OWI, which provides identity-focused consulting, research and education services. He is a former Googler, Deloitte consultant, and Citi banker.