Establishing Digital Trust: Don't Sacrifice Security for Convenience
"Yahoo is just the latest in an increasingly long line of major brands which is learning that it is no longer a matter of if you're breached, but when," Ross Brewer, managing director and vice president for international markets at LogRhythm, told Computer Weekly. "To its credit, Yahoo has been quick to come clean about this attack, and should also be commended for providing its members with actionable advice on how to stop hackers from compromising their individual accounts."
The company is asking users to reset their passwords as a precaution, and says it has updated its security measures following the incident.
Still, as Sophos' Graham Cluley notes, "Potentially, online criminals now have a database of 22 million Yahoo Japan email addresses - and there are surely slimebags out there who would get a real kick out of spewing out a spam campaign, sending a phishing attack to Yahoo users, posing as a legitimate email from the company, or launching a targeted malware attack."