News that over 500 million Yahoo user accounts were hacked in 2014 – “the world’s biggest known cyber breach by far” – has emerged this morning. Despite the unparalleled scope of this breach, Intercede CEO Richard Parris is far from shocked:
“Given the numerous high profile data breaches already revealed this year, are we really surprised by the news from Yahoo? The real problem is not in the hack itself but in service providers like Yahoo relying on a fundamentally insecure, username and password based, user authentication. If a hack does happen, those details, and other identifying information, can be exposed and they are invariably used to access other services and defraud consumers.
“In my view, we are fast reaching the point at which the industry will have to be compelled to take action. If the first duty of any government is to protect the public, establishing and protecting identity in a digital world ought to be high on the list of priorities. It’s surely time we locked the stable door with secure authentication and identity management before the digital horse has bolted.”
What is shocking to us at Intercede is that the public are only being informed of this now – the user passwords that were leaked were encrypted, but according to reports, the security questions and answers were not. This means that for two years, people who used similar security questions to the ones they used on Yahoo have been much more vulnerable to having their online accounts compromised.
Intercede solutions offer absolute digital security, by creating trusted digital identities for users. To find out more, visit our products page.