Act Now, if you or someone you love has ever used Yahoo!

October 04, 2016

Insights into the worlds largest known data breach

First reported as an eye popping 200 million users by Recode, Yahoo quickly updated the number of users affected by their 2014 data breach to over 500 million. I’ll say that again, 500 MILLION.

The exact details of the Yahoo breach are still unknown, but according to a report by InfoArmor, “After extensive analysis and cross reference against the data breach intelligence systems of InfoArmor, it was determined that the dump is based on MULTIPLE THIRD PARTY data leaks, which have no relation to Yahoo.”

Well, that’s my cue for a shameless Whistic plug. According to a a Trustwave global report, 63% of data breaches involved a third party. Whistic is the best platform to understand the security profiles of your third-party vendors, and manage them from a risk based approach.

| Learn more at

Now…More about the Yahoo breach.

Just for context (and to have a little fun) lets compare 500 million to some other large numbers.

With a world population of approximately 7.25 billion, 500 million is roughly 6.9% of all living people. After China and India, 500 million is the third largest country in the world. In fact you could add together the 3rd largest country (United States at 321 million) and the 4th largest (Indonesia at 255 million) and you would be pretty close to equaling the Yahoo data breach population.

There have been some other large data breaches before, but nothing compares to the Yahoo breach. Here are some examples.

Ebay (2014) didn’t state specifically how many customers were affected, but they did request that 145 million users reset their passwords. JP Morgan Chase (2014) claims that a data breach affected 83 million individuals and businesses. Target (2013) lost 40 million credit cards and affected 70 million customers. Home Depot (2014) lost 56 million credit and debit cards.

In regards to the cost of the Yahoo data breach a New York Times article had this to say, “Security experts say the breach could bring about class-action lawsuits, in addition to other costs. An annual report by the Ponemon Institute in July found that the costs to remediate a data breach is $221 per stolen record. Added up, that would top Yahoo’s $4.8 billion sale price.”

The folks at Yahoo claim that they learned of the data breach this summer (2016) after hackers began to post stolen Yahoo credentials to underground forums and online marketplaces. You can read more about the timeline of events at InfoArmor.

The biggest problem with the Yahoo data breach is that many people use Yahoo Mail to connect to many of their other online accounts. In a statement Yahoo made to the New York Times, they said that the breach included user names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security question.

So, If you or someone you love has ever used Yahoo, now is the time to change not just your Yahoo password but the password of every account with which you used your Yahoo email address, you used the same password as your Yahoo account, or you linked to your Yahoo account. Better safe than sorry, right?

About Whistic

Whistic is an award winning risk assessment and analytics platform that makes it easy for companies to assess service providers or self assess against compliance and security standards (e.g. PCI, DSS). Headquartered in Orem, Utah at the heart of the Silicon Slopes, Whistic is the creator of the CrowdConfidence TM scoring algorithm that leverages the wisdom of crowds to assess the residual risk of sharing data with a vendor. Whistic was the recipient of the “Best Enterprise” award at the World’s Largest Startup Event: Launch Festival 2016.

For more information about Whistic, visit:

cybersecurity security data breach yahoo Article

About the author


The latest insights and updates on information security and third party risk management.

Hate security reviews?
Want FREE AirPods?*

Offer valid for any decision-maker/influencer in relation to your company’s third-party risk management strategy. Company size must exceed 100 employees. Exclusions apply. Limit 1 pair per company.