This issue has only just been made public: names, phone numbers, e-mail addresses, and passwords were stolen in what may be the biggest public cyber security hack ever. No payment information was taken, but many are asking why Yahoo! has taken so long to recommend that users change their passwords, and the company's description of the incident as a ‘state-sponsored’ hack raises yet more questions.
Mark Skilton, a Professor of Practice at Warwick Business School and an expert on cyber security, said of the case:
"While it's not a surprise to hear the magnitude of users that have been corporate hacked - after all, the rise of the digital business means everyone is more or less online these days - what is shocking is the date, 2014, and the sense of resignation that some may have to the event. This is far too late for professional cyber security risk management and certainly from the organisational practices inside a company like Yahoo! that one would expect.
"The other factor is the legal impact for Yahoo! from the reputational impact and liability in losses for customers. This could yet be significant and a headache for Verizon in its planned imminent takeover of Yahoo!
"The lateness of the attack discovery, a whole two years, and the indication that it was a government state-sponsored attack suggests both a highly professional stealth attack or perhaps some failure in basic perimeter monitoring by Yahoo!'s internal security practice.
"Either way, serious questions on internal checking of data breaches must be addressed. There will be a significant internal review in Yahoo! and Verizon to develop a turnaround plan for this hack, but it also suggests a need for a stronger, perhaps government and industry, role to increase cyber protection in the light of the rise in more stealth attacks.
"The infamous Russian bank stealth attack had a similar slow-burn attack from an undetected stealth attack that resulted in an estimated 1 billion euro loss from several banks.
"This Yahoo! situation is not that level of financial loss, but the impact and rise of huge cyber-attacks will need stronger cyber responses."