Privacy Commission Advisory on Yahoo Breach
The National Privacy Commission (NPC) would like to reiterate the recommendations of Yahoo and cybersecurity experts to Yahoo users to change their passwords on their Yahoo accounts.
This follows after the compromise of half a billion user accounts from Yahoo’s servers in 2014 that was only discovered and confirmed by Yahoo this week. Below is what was posted on Yahoo’s email log-in page about the Account Security issue :
"We have confirmed, based on a recent investigation, that a copy of certain user account information was stolen from our network in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers."
Other than changing Yahoo log-in credentials, the NPC also recommends that Yahoo users change log-in credentials of their other online accounts where they might have used their Yahoo email for account verification purposes. The security questions on Yahoo might also have been compromised and it would be a good idea to revise the security questions or disable that feature. The NPC also recommends activating two-part authentication to gain first time access to your account. Two-part authentication uses a phone number you provided to verify your identity.
According to Privacy Commissioner Raymund Enriquez Liboro, “A compromised email account can be an avenue for a hacker to gain access to other personal online accounts of an individual, from social media sites to on-line payment portals. That is why it is important to maintain good password hygiene, use pass phrases with numbers or special characters instead of single words, take note of log-in attempts into your account/s that weren’t initiated by you, and change your password/s two to three times a year, or as many times as you change your toothbrush.”
It was revealed at a Microsoft Cybersecurity Summit for government agencies that it takes an average of 502 days for system administrators to detect a security breach.
About the National Privacy Commission - The National Privacy Commission is an independent body mandated to administer and implement the Data Privacy Act of 2012, and to monitor and ensure compliance of the country with international standards set for data protection.