Yahoo!’s monumental data breach from 2013 and 2014 cost the company $350 million, according to a recent report. However, the process of tallying up the cost of a data breach is complex, and it may surprise you how far-reaching the negative consequences can be.
Though it’s easy to focus on the cost of a data breach, the ramifications of Yahoo!’s breach were vast and equally as destructive. After nearly 500 million Yahoo! accounts and other important data were targeted, Yahoo! was forced to slash their sale price by $350 million and walk away from nearly a third of a billion dollars. This figure doesn’t include things like legal or notification costs, fines, customer loss, or other standard costs of a data breach, but clearly Verizon was forced to recognize Yahoo!’s overall deteriorated value, which dropped from $4.8 billion to $4.48 billion.
Cyber attacks like that which crippled Yahoo! go much deeper than just monetary figures. Some experts believe this massive breach played a role in the 2016 presidential election, as well as various other political and governmental offices around the globe. One thing is certain, however: Yahoo!’s data breach has set the precedent for hackers worldwide. What used to be an unimaginable feat is now just another stepping stone to the next biggest hack.
Experts at Venafi took note of the profound fallout from Yahoo!’s data breach and conducted a research study on the site’s cryptographic state. Using the global database of certificate intelligence, researchers concluded that hackers were able to make such profound damage because of Yahoo!’s unsecured keys and certificates.
Virtually a third of certificates on Yahoo!’s external site were not recently reissued, allowing cyber attackers to have ongoing access to encrypted communications. Furthermore, only 2.9% of Yahoo!’s 519 certificates were issued within a three-month span, which hints to the fact that the site is unable to quickly find and implement digital certificates. Lastly, a significant amount of Yahoo!’s certificates used the cryptographic hashing function MD5, a vulnerable certificate that can easily be reversed in an attack and expires in just five years time. Almost half of Yahoo!’s external certificates also use the hashing algorithm SHA-1, which has been deemed insecure against well-funded attackers.
Keeping all keys and certificates secure and up-to-date can be both time consuming and costly. However, as exemplified by Yahoo!, the price of neglecting to secure these critical functions far outweighs that of cryptographic maintenance. By investing in security protocols and prevention methods, you can protect your site from cyber attackers and thus eliminate the risk of slashing your site’s worth and having to pay for standard data breach costs like remediation, customer loss, business disruptions, PR and notification costs, and much more.
To ensure each and every one of your keys and certificates is secure, and to provide ample protection for your site, learn more about how we can help protect your keys and certificates. By following simple protocol, you can rest assured that your company and all it encompasses is safe against the threat of a costly data breach.