Reports are beginning to surface that Yahoo has been the victim of a data breach, with the data of 200 million users being offered for sale on the dark web. Although Yahoo has yet to confirm the breach, the data is believed to be real as the seller "peace_of_mind" has previously sold data from the VK, Tumblr and iMesh breaches. Commenting on this breaking news is Simon Crosby, CTO and co founder of Bromium:
“This incident at Yahoo will be a wake-up call for people, but it’s not the first. Certainly it will provide a clear message to chief execs that if something like this happens then they can expect to be paraded in front of a voracious media – and they’d better have some good answers to some tough questions. Businesses have no excuse that they were not aware nor prepared for such attacks. They’ll need to prove that they took all reasonable steps to protect themselves. How they respond may be the difference between a damaging incident, and fatal disaster.
Users need to be vigilant. If you use any services whose data, if stolen and made public, could be used against you, then edit your profile now to include false information and a fake email address, or an alternative, randomised, non work email address from an online provider. Users should also be on the lookout for strange looking emails from friends who you would normally trust - their account might have been compromised. Finally, reset your online service passwords such as your bank, if you think your email may have been compromised, since many SaaS apps use email to confirm password changes.”