Yahoo is still reeling from a massive data breach where half a billion customers’ sensitive information was exposed. Now the government says they think Russian hackers were behind the breach. So how did they do it? You’d think that it would require some top-flight hacking skills to break into a tech giant like Yahoo, right?
Actually, zero hacking skills were required at all. The breach was a result of an old-fashioned phishing scam. Phishing is where an email purporting to be from a trusted source like a bank, a coworker, or your email provider is sent and users are told to click on a link or supply their passwords. This either results in malware being planted on the user’s computer that’s spread to the entire company network or with crooks using your account information to steal from you or get into sensitive company systems.
In this case, a phishing email was sent to a Yahoo employee and that person took the bait. The government says a hacker was able to gain access to Yahoo’s user database and the program needed to edit the databases. Then the hackers could target any users they pleased since they had their usernames, passwords, and other sensitive information.
Be careful what you click on.