Cyber-security investigators are continuing to assess the damage in the aftermath of the massive Yahoo password breach that occurred in 2014, in which scores of Yahoo users had their password data stolen. The concern of investigators now is that the data could potentially be used to hack other websites, such as banks and email accounts.
According to Shuman Ghosemajumder, Shape Security's chief technology officer in California, cybercriminals often use this data for "credential stuffing". This is a process in which they use stolen usernames and passwords on various websites to access confidential information. Today's software makes this process almost instantaneous for cybercriminals, although it is only successful approximately 2 percent or less of the time.
The main concern for investigators is whether the Yahoo breach will lead to more smaller breaches on other websites. Ghosemajumder doesn't believe that it necessarily will, however, he confirmed that, while he had not observed a rise in new website security breaches since 2014, he had observed an increase in cybercriminals replenishing their supply of newly hacked passwords. Therefore, he noted that it is possible that stolen Yahoo passwords are being used to hack other web services. As always, consumers should be vigilant in protecting their internet passwords.
Yahoo hack: Hackers swipe 500 million Yahoo passwords in biggest ever data breach - TomoNews