The Chief Information Security Officer (CISO) usually works out of the public eye, and most people could not name one. Yahoo's CISO, Bob Lord, is an exception: he has been in the limelight in recent years after two massive data breaches, arguably the biggest in recent history, which between them affected approximately one and a half billion Yahoo accounts.
Mr Lord joked during an interview at TechCrunch Disrupt New York that he "may have broken a record" for the number of emails sent. The emails in question were the notifications sent to users informing them of the breach.
Not sure the rest of us are finding this funny…
There were two breaches. The first was disclosed in September 2016, when 500 million accounts were reported to have been compromised. The second was disclosed just a few months later, when reports confirmed that approximately 1 billion accounts had been affected.
To date, Yahoo appear to have been unable to identify the source of the intrusion: how it happened and who was responsible. It may have stemmed from the 2014 cyber-attack, although Yahoo say there is not enough evidence to comment further on this point.
When asked how he felt on being informed of the breach, Mr Lord likened the feeling to a weird parallax, and said that trying to put the different pieces together was no easier.
Hackers reportedly broke into the system in 2014, but it took over two years for Yahoo to disclose this publicly. What was the reason for the delay in detecting or disclosing the attack? Mr Lord noted that campaigns can run for extended periods of time, saying that the breach wasn't a "smash and grab attack; these are long-term plays". He added that, once they had worked out what had happened, they focused on understanding the nature of the attack.
Serious lessons need to be learned. Mr Lord says that a number of changes have refined Yahoo's security programme, and that the company now has a group of experts, known internally as the Paranoids, who know what they are doing when it comes to clamping down on attacks.
Four people have been charged: three Russians and one Canadian. But the question remains how they were able to get so deep into Yahoo's systems in the first place.
Mr Lord acknowledged that this was the result of long-term compromises, and said that the attackers must have worked hard to stay under the radar and gain access to the systems they had been tasked with reaching. More surprisingly, Mr Lord seemed to praise their professionalism, describing them as "skilled individuals".
The CISO did not directly answer the question of how the attackers actually got into the system. Instead, he said: "I'm not going to go into technical details." This may feel like a deflection, but he did list, in vague terms, the general ways in which attackers gain access to systems:
At the end of the TechCrunch interview, Mr Lord was asked:
…how does he know there isn't still a hacker in Yahoo's systems?
Mr Lord could not confirm with 100% certainty that there wasn't, since, as he put it, that would be trying to prove a negative. He did say that Yahoo has built up circumstantial evidence that the attacks which took place before are simply no longer possible.
He said Yahoo has programmes in place to reduce the chances of further exploitation, but that offers little peace of mind to the billion-plus affected users while Yahoo remains unable to explain how the second attack happened.