At least 500 million Yahoo passwords and usernames, as well as personal information used for security checks, have been stolen since 2014. Equifax has urged businesses to step up security checks.
John Marsden, Head of ID and Fraud at Equifax said “Passwords are continuing to topple like dominos, and the rate of major breaches is increasing at an alarming rate. The Yahoo breach is a super-sized domino that is going to have huge effects on people for years to come. This is a game changer in the online fraud world; aside from Gmail being cracked, there is no other single event that could happen that will cause more fraud and damage over the next five years.
“The breach has been a major blow to Yahoo with personal details of around half a billion users now up for sale on the dark web. This information will spread quickly and globally with no chance of recovery. There will be a long lasting impact for consumers and businesses as hackers attempt to use the breached data to access other online accounts.
“We urge businesses to be on high alert for any customer contacting them from a Yahoo email address as there is a high chance that their details have been comprised. One particular area to watch are requests to reset passwords, sending a “click here to reset password” link to a Yahoo address is not advisable given the size of the breach.
“Passwords are no longer effective as a stand-alone measure and companies must act sooner rather than later to improve their online security. The normal advice of complex password, numbers and numerals no longer works in a world where there are now billions of cracked passwords; companies should instead introduce a second layer of authentication processing, such as device recognition, to help build the necessary barriers to keep data safe.”