Oops, Yahoo is admitting to being hacked again; this time it is a double whammy. They are alerting their customers a fair bit after the damage was done. They are also being as private as they legally can be about it; “if you or your information was involved, we will contact you with details”. Details? If account information fell into the hands of persons or entities outside Yahoo proper and you happened to be one of millions of people who store their investment portfolio, investment account information, email account information, or personal information on their servers (to make day-to-day news, financial, activity, etc. easier), then that information may well have been compromised yet again.
Let me be clear: if you are one of the folks whose information was involved, the damage may have already been done, or it may be used in a month or a year. I know it is tempting to maximize the convenience offered by services like Yahoo financial, or Bing, or Google, or Scottrade, or any of hundreds of convenience services provided out on the web, but we (the consumers) need to be mindful of the fragility of our personal information and therefore careful whom we trust it to. The more information a service collects, the more attractive it becomes to hackers (thieves by any guise) looking to make big money quickly.
Your personal computer(s) represent a target containing information that might allow cleaning out one family; Yahoo’s servers represent a target containing information for more than a million families. Even if it is harder to get into Yahoo’s computers, isn’t it clear that it would be worth the effort? Now most of us have heard of someone whose personal computer was compromised (causing the wise sufferer to cancel credit cards, change passwords, change account numbers, etc.); it seems a small step to me to understand why hackers would put forth the effort to raid Yahoo or Bing, or any of the other service holders out there.
Now comes the painful part; if you are alerted to the “event” within 24 hours, you have a real good opportunity to prevent any real damage. You will experience a lot of anxiety and inconvenience to protect yourself, but you can stop it all before any permanent damage is done (you would hope). On the other hand, if you aren’t alerted to the event until 6 months or a year have gone by (heck, one week would be bad let alone these longer periods), the damage could already have become painfully obvious by the time you are alerted.
All of this brings me to two points: one, choose carefully what you put on “helpful” websites; and two, be careful which of them you trust. When one of the big banks was hacked a few years back, they alerted clients on the next business day after they found out; Yahoo started alerting clients last week for a hack that occurred last year. As consumers, we can pressure these companies into better practices through choosing carefully whom we do business with.
As always, if you have questions, Benediktson Computer is delighted to answer your questions before you have problems and ready to help after the trouble has started.
Benediktson Computer, Inc.