Yesterday I came across a headline that caught my eye.
“Four years later, Yahoo still doesn’t know how 3 billion accounts were hacked”
I laughed to myself, because this is something I think about all the time.
Or should I say – the complete failure of security on the web.
You may have heard about the big hacks that hit Yahoo and Experian. Well, yesterday both companies appeared before a US Senate hearing to answer a simple question.
“How did hackers break into your company and steal the personal information of billions of people?”
Their answer: “We don’t know.”
^^ That was really their answer.
From the article:
When pressed about how Yahoo failed to recognize that 3 billion accounts — and not 500 million as first reported — were compromised in what was later revealed to be a state-sponsored attack by Russia, former Yahoo CEO Marissa Mayer admitted that the specifics of the attack still remain unknown.
“To this day we have not been able to identify the intrusion that led to this theft,” Mayer told the Senate Commerce Committee. “We don’t exactly understand how the act was perpetrated. That certainly led to some of the areas where we had gaps of information.”
In short, what she’s saying is what we all need to understand and accept.
There is no such thing as security online.
Even big companies like Yahoo and Equifax (and your bank), who employ highly trained security teams, have absolutely no idea how to keep us secure. And they don’t even try. Experian admitted they could have protected against their hack, but they didn’t.
In short – if someone wants your information, they can get it… right now.
It’s a scary thing to think about and I don’t want to freak you out. But I think it’s important to know.
What can you do about it?
Other than pray.