Bigger Isn’t Always Better… Just Ask Yahoo!
The company confirmed that data from at least 500 million user accounts were stolen, including names, email addresses, telephone numbers, dates of birth and “hashed” passwords. This may be the largest cybersecurity breach ever and the company believes it may have been the result of a state-sponsored actor. But it may be even worse than previously thought!
According to Business Insider, a former Yahoo insider estimated that the breach could have resulted in the theft of an estimated 1 billion to 3 billion accounts based on his knowledge of the database that was accessed. As the insider stated in the article, “That is what got compromised. The core crown jewels of Yahoo customer credentials.”
Whoaa… as if that’s not bad enough, Verizon was in the process of acquiring Yahoo! Hit the brakes on that deal because of the theft of those crown jewel assets. On October 13th, Craig Silliman, Verizon’s general counsel, told reporters that the company has “a reasonable basis” to suspect that the breach could have a meaningful financial impact on the deal. It was suggested that Verizon may look to renegotiate the deal or back out altogether.
With billions on the line, it’s time for enterprises to determine if their crown jewels are vulnerable. Greenlight offers a solution for application security monitoring that uncovers anomalies in the access and queries made to a company’s Universal Database. This solution would have raised a red flag to Yahoo that unusual activities were taking place. It highlights the fact that network segmentation and firewalling aren’t sufficient enough security measures. Continuous monitoring for atypical behaviors is also needed to provide the necessary indicators that a crown jewel asset is at risk.
Don’t wait for your company to make headlines about a breach. Contact Greenlight to learn how to protect your crown jewel assets.