Thursday, December 15, 2016

Hacking of Yahoo!: what are the risks for users? – Le Figaro

The theft of data from a billion Yahoo! users poses serious threats to all internet users. However, there are a few countermeasures.

Passwords, answers to security questions, full names and, of course, access to the entire contents of a mailbox: this data was stolen from 1 billion Yahoo! users in August 2013, the company revealed in a press release on Wednesday night. This is the second time that Yahoo! has admitted to being the victim of a hack on such a massive scale. Last September, the company had learned that a breach had allowed hackers to steal the data of 500 million users in 2014.

This new cyberattack is of historic proportions. Although it dates back three years, it is no less dangerous. Its perpetrators, unknown for the moment, have had a wide range of options for putting the data to dubious ends. Here are the three main scenarios.

• Targeted fraud

The information collected will lead to sophisticated fraud against Yahoo! users or their loved ones. “We have all received phishing scams, a little subtle, where for example a fake email from the Farm Credit requests our banking information while we are not even customers of that bank,” Gerome Billois, a cybersecurity expert at Wavestone, a consulting firm, tells Le Figaro. “But thanks to a database such as Yahoo!'s, cybercriminals can find in our emails the bank of which we are customers and customize all of the emails, mentioning our dates of birth, answers to security questions, and numerous private items in order to reassure us about the authenticity of the email,” the expert warns. Scammers may also send an email directly from the address of a relative in order to extort money or information.

Solution: Never click on a link in an email, even if it seems serious, to change your password or provide personal information. It may lead to a fake website, reproducing the look of an authentic site, which hackers use to retrieve private data. It is better to go directly to the website concerned and change your contact information in the appropriate section. If it is the email address of a close friend that seems suspicious, it is advisable to check by contacting them by means other than email, or to ask them questions to which the hackers may not have the answer.

• Online impersonation

Yahoo! used the “MD5 hash” as the technique for protecting passwords in its database. It has not been safe for the past ten years, as stated by the cybersecurity expert Bruce Schneier, and using it is tantamount to leaving the passwords in plain text. The hackers therefore have access to passwords. The problem is severe when one uses the same password on other sites: the Yahoo! ID and password can then allow access to Facebook, Gmail or Instagram.

For people who have been careful to avoid this mistake, the threat is not ruled out, since the data stolen from Yahoo! also includes the answers to the site's security questions. “The security questions and their answers are often the same across sites,” says Gerome Billois. “Thus, it is quite easy for the attacker to reset the password of another service with these questions, and he will receive the user's new password directly in the hacked email inbox.” In addition to the risks of identity theft on social networks, this data may also allow hackers to place orders through accounts on banking or e-commerce sites that do not practise double authentication.

Solution: It is better to change the passwords of the accounts associated with one's Yahoo! account (such as Facebook, Gmail, Twitter…) and, above all, not to use the same password on every site. Password managers can help with remembering them. It is also better to enable double authentication on social networks in order to control access. With this process, a security code sent to a smartphone is required before you can enter the accounts.
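Why fast MD5 storage exposes reused passwords, and what a service can do about it, shown as an added Python example that is not part of the original article and not Yahoo!'s code: identical passwords produce identical MD5 digests, while a per-user salt with PBKDF2 does not, and old records are upgraded at the next successful login. The unsalted MD5 format, the record layout, the function names, the iteration count and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def legacy_md5(password: str) -> str:
    """Fast, unsalted MD5 digest (assumed legacy format for this example)."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_record(password: str) -> str:
    """Random per-user salt plus a slow KDF, stored as 'pbkdf2$salt$hash'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${salt.hex()}${digest.hex()}"

def verify(password: str, record: str) -> bool:
    """Check a login attempt against either record format."""
    if record.startswith("pbkdf2$"):
        _, salt_hex, digest_hex = record.split("$")
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    return hmac.compare_digest(legacy_md5(password), record)

def login(db: dict, user: str, password: str) -> bool:
    """Verify, then replace a legacy MD5 record while the password is in hand."""
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if not record.startswith("pbkdf2$"):
        db[user] = pbkdf2_record(password)
    return True

def demo() -> dict:
    # Constructed sample data: two users who chose the same password.
    db = {"alice": legacy_md5("sunshine2013"), "bob": legacy_md5("sunshine2013")}
    result = {"md5_identical": db["alice"] == db["bob"]}
    result["logins_ok"] = (login(db, "alice", "sunshine2013")
                           and login(db, "bob", "sunshine2013"))
    result["upgraded_identical"] = db["alice"] == db["bob"]
    result["db"] = db
    return result

if __name__ == "__main__":
    print(demo())
```

After the upgrade, the two accounts no longer share a stored value, so one recovered password does not reveal every other account that used it.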

• Espionage and extortion of information

Mass hacking, that is to say, the hacking of a database of a billion accounts, may allow targeted hacking. “The theft of a database is either the work of an intelligence agency, which siphons off the entire data to then recover what it is interested in, or the work of a group of hackers, who then sell it to the highest bidder on the marketplaces of the ‘dark web’. Intelligence agencies, private or public, can there again be among the buyers, in the same way as spam databases,” said the director of Kaspersky Lab France, Tanguy de Coatpont.

Nearly 150,000 accounts of members of the U.S. intelligence services are thus directly affected by the hacking of Yahoo!. They reportedly gave, as an emergency address, a professional email address whose structure is easily identifiable. The identification of members of the intelligence services or of their relatives, as well as access to their mailboxes, then become good levers for blackmail for anyone who would like yet more information.

Solution: These sensitive groups need to take extra care and place their data in the right places. “The level of security and privacy of an email is equivalent to that of a postcard. It is better not to place blind trust in it,” warns Gerome Billois. That is to say, avoid in the first place using a Yahoo! mailbox, or any other service of this kind, to archive personal or confidential information.
