Thursday, 29 September 2016

How to Protect Yourself in Light of the Yahoo Hack

Last week (9/22/2016), Yahoo announced that, in 2014, hackers made off with the account information of over 500 million users. This included names, email addresses, telephone numbers, birthdates, security questions, and salted and hashed passwords. Incredibly, Yahoo released a statement detailing the breach and saying that they believe the hack was carried out by a country.

It feels as though hacks like these are becoming commonplace. And yet the recent Yahoo hack is one of the largest known hacks in history. The scary part is that these are huge companies. I mean we are talking Anthem, Target, MySpace, eBay, and Home Depot. What’s more, the stock price of these companies is generally unaffected by such breaches. It’s clear from these hacks that consumers need to be very wary about what data they give away to companies. Be smart about how you handle your digital identity!

What Was Stolen in the Yahoo Hack?

Let’s first look at the data that was stolen. Yahoo believes that names, email addresses, telephone numbers, birthdates, security questions, and hashed passwords were stolen. The one item out of those that probably has most people scared is the ‘hashed passwords’ but I'm least worried about this.

Here’s why. When passwords are stored correctly, they are never stored in what is called plain text. Plain text is like writing your password down on a piece of paper: anyone who sees it could just copy it and use it. This is why passwords in plain text are worrisome when stored by companies with millions of users, because if someone breaks in and steals all of the data, they instantly have access to all of the passwords just by looking at them.

That is where hashing comes in. Hashing is a way that companies store your passwords securely with a one-way function. The best way to think of this is to picture a blender with a ton of different types of fruit. When you submit a password, you’re selecting a specific recipe to be blended. When you turn on the blender and let it run for a couple of minutes, you’ll have a nice smoothie with a certain color. This is how your password is stored via hashing. The company only knows the color of your smoothie, not all of the elements that went into it.

The beauty with this is that you can always make the same smoothie with the same color. The company can always check the color to make sure it’s yours, and if a hacker were to try and steal the recipe, they would have a really hard time figuring out what ingredients you put in to get that exact right password.

This is how Yahoo stores its passwords. This means that while they have your password, they still only have the color of your smoothie, not the recipe. So all the hackers have is a very hard to guess recipe. Now there is a lot of math, science, and programming that go into it, but that’s what hashing does in a nutshell. If a hacker wanted to get all of the plain text passwords from the data they hacked, they would have to spend a lot of time and a lot of resources having computers guess thousands of times a second what your password is.
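The blender analogy above, as an added Python example that is not from the original episode: it stores a password as a salt plus a slow one-way hash and checks a login by re-blending and comparing. PBKDF2-SHA256, the iteration count, and all function names are assumptions chosen for illustration; the page does not say which hash function Yahoo used.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor: every guess costs this many rounds


def unsalted_fast_hash(password):
    """Weak form: one quick SHA-256, no salt. Equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def hash_password(password, salt=None):
    """Salted, slow form. Returns (salt, digest), which is all the site stores."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Blend the submitted password with the stored salt and compare colors."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)  # constant-time


def demo():
    # Constructed sample: two accounts that chose the same password.
    password = "correct horse battery staple"
    alice_salt, alice_digest = hash_password(password)
    bob_salt, bob_digest = hash_password(password)
    return {
        "unsalted_hashes_match": unsalted_fast_hash(password)
        == unsalted_fast_hash(password),
        "salted_digests_match": alice_digest == bob_digest,
        "correct_login": verify_password(password, alice_salt, alice_digest),
        "wrong_login": verify_password("Pizza", alice_salt, alice_digest),
        "wrong_salt_login": verify_password(password, bob_salt, alice_digest),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With a per-account salt, two users with the same password end up with different stored values, so each stolen record has to be guessed separately at the full cost of the slow hash.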


Should You Be Worried About the Yahoo Hack?

Luckily there are 500 million passwords the hackers would have to break, which means it would be an extremely difficult and laborious task to do so. Now Yahoo is pretty sure that a country carried out this hack, which means they will most likely have many more resources to break the passwords.

This is why it is important to never use the same password twice. You may want to check out my episode on password management.

The information that I am worried about is everything else: names, birthdays, telephone numbers, and email addresses. With all of these pieces of information, you can do incredible damage both financially and digitally. After all, how many times do you use some of this information to prove your identity? For instance, what is your birthday? Last four digits of your phone number? All of this information in the wrong hands could be devastating. It could be used for fake accounts or to break into existing accounts that you own.

So what the heck do you do? Well there are a handful of things you can do. First is to create a Google Alert about yourself. Why? If someone creates an account with your name or about you, you will be notified.

Next you’ll head on over to this site where you can type in any of your email accounts or usernames, and it will show you if they have been involved in any known security breaches and hacks. I do this about once a month just to stay current.

I also check my credit three times a year for free thanks to Money Girl Laura Adams, just to make sure no one has opened up any accounts in my name that I’m not aware of. Lastly I use multi-factor authentication; this means when I log in to any important online account, not only do I need a password but I also need my cell phone to log in. Typically I’ll be sent a text message, and have to type in a code in order to log in.

Going forward, there are a few things you can do to limit how much of your data is exposed from these hacks. First and foremost, don’t answer security questions correctly. If a website asks “what was your first car?” I reply back Pizza or something just as nonsensical. I keep this with my password so I still have access to it but it’s different across all websites. If it’s an account you really don’t care about, I typically give out a fake birthday and an incorrect spelling of my name. This ensures that if this information is stolen it will be much harder to be used against me, or to pose as me.

Be sure to check out all my earlier episodes at techtalker.quickanddirtytips.com. And if you have further questions about this podcast or want to make a suggestion for a future episode, post them on http://ift.tt/1xcMcmP.

Until next time, I’m the Tech Talker, keeping technology simple!

Image courtesy of Shutterstock.


