Yesterday, Yahoo! revealed that all 3 billion of it’s users were affected by the data breach from August 2016; the company originally said had only impacted 1 billion users. To move such a massive amount of data, Venafi experts believe the attackers behind the Yahoo! Breach almost certainly exploited a blind spot in the organization’s encrypted tunnels.
Unless they have strong cryptography practices, it’s nearly impossible for organizations to detect unauthorized, encrypted traffic coming in or out of their network. It’s also entirely possible that the attackers that perpetrated the 2013 breach retained access to the Yahoo! network and attacked again in 2014.
Kevin Bocek, chief security strategist for Venafi, discussed the expanded Yahoo! data breach with Sky News. Watch the video below to hear his thoughts on the attack and how organizations should handle encryption in the future.
How well have you secured your encryption assets?