January 31, 2014

Yahoo’s email breach, another 3rd party incident.

Early last year, Imperva published a report analyzing a breach that Yahoo had suffered via a vulnerability on their astrology site. As a reminder, back then Yahoo’s astrology site was operating with data coming from a platform provided by a third party company. When that third party server was breached, Yahoo got the bad headlines.

Today, Yahoo disclosed a breach that affected their own mail system and apparently resulted from a third party hack. And while Yahoo definitely responded very fast, the incident raises questions for any company out there.

Companies should ask themselves:

  • How are we securing our users’ information and ourselves when we use third party services (which could be hosting, SaaS, call centers, authentication providers, website plugins and more)?
  • How much do we know about the security measures implemented by the third party companies we obtain services from?
  • If we provide a service to others, how secure is it?

Often, companies seem to put their trust in code and services that are not homegrown without knowing if they have the ability to monitor and secure said services.

What is the industry doing about it?

PCI v3.0 is a very good example of one regulation that addresses this issue, as it just added a mandate for service providers to secure their client information, making them accountable for the security of that data.

Where can I learn more?

  • Background information on last year’s Yahoo breach can be found in this HII report
  • Our webinar covering the most recent PCI v3.0 changes
  • Our CMS Hacking research, covering the implications of vulnerable third party applications
