Confirming what was long suspected by the security community, Yahoo has confirmed a massive breach of over 500 million email accounts, including both credentials and security questions.
October 4, 2017 Update: Yahoo now confirms that the hack impacts 3 billion accounts, and not the 1 billion or 500 million that was previously reported.
Email’s changing threat model
In the past couple years, the increasing number of high profile email hacks have clearly demonstrated that the threat model for email has changed dramatically. While previously there was a reasonable expectation of security and privacy with email communications, now it is becoming fairly evident that most email systems are simply not capable of protecting user data. However, email is still an essential part of our lives, an integral part of our digital identity.
At Proton Mail, we are addressing this problem by taking a completely different approach to email security compared to every other major email provider. We have a different threat model, where our starting assumption is that a security breach is inevitable, and we have designed our entire architecture around that premise. This is because in our view, the existing paradigm of cyberdefense, which is “keep the bad guys out,” is a failed approach.
There are a multitude of methods through which server security can be breached, and an attacker only needs to exploit a single vulnerability once, while a service provider on the other hand must constantly mount a successful defense against all attack vectors. In short, cybersecurity is a form of asymmetric warfare which decisively favors the attackers, and as we have seen time and time again, even sophisticated tech companies with competent security teams such as Linkedin and Yahoo have been breached. Thus, it is safe to assume that all services will eventually be breached. By definition, it simply isn’t possible to have 100% security.
This is the reason Proton Mail was designed from the ground up with end-to-end encryption. If the working assumption is that servers storing data will eventually be breached, the next best option is to not have data in the first place. By encrypting customer emails on the client side before they reach Proton Mail servers, Proton Mail does not have the ability to decrypt any of the emails stored on our systems. Thus, in the event of a compromise, it is not possible for attackers to steal something that we don’t have, that is, the mailbox password and contents of your messages.
We believe that in the current rapidly deteriorating cyber environment, with the rise of more numerous and capable state-backed actors, end-to-end encryption is the only viable approach to data security. While we are confident in the approach we have taken, Proton Mail does not exist in a bubble, and in today’s interconnected world, the Yahoo breach does have significant consequences for a proportion of Proton Mail users.
What to do if you are an Yahoo user
If you have ever had an Yahoo account in the past, there are three steps that you should take immediately.
1. Change your password and security questions
It is prudent to assume that ALL Yahoo passwords are now compromised, especially since some Yahoo passwords were stored with the insecure MD5 hash. Furthermore, we know that the Yahoo breach also leaked security questions and answers. This means if you used the same passwords and security questions from your Yahoo account on other accounts, you should immediately change those passwords and security questions. We recommend never using the same password between services.
2. Unlink your other online accounts from Yahoo
Finally, because Yahoo is a major email provider, if you have signed up for any other service using your Yahoo account, your accounts at those other services may also be compromised. This is because the email address used to register for a service can usually also be used to recover a forgotten password. This means an attacker who has access to your Yahoo account also has access to all your other accounts which were registered using your Yahoo account.
Because Yahoo is most likely fully compromised, you should unlink all of your other online accounts from Yahoo. For example, if you signed up for Facebook using Yahoo, you should change the email address in your Facebook account to a different email address.
If you are Proton Mail user, be aware that we allow account recovery via email. If your recovery address is from Yahoo, then this means a compromise of your Yahoo address could also lead to a compromise of your Proton Mail account! We recommend changing your recovery email address to a non-Yahoo address, or removing the recovery address entirely.
Note, even if your Yahoo account is compromised, and was used to reset your Proton Mail login password, your Proton Mail messages are still protected. This is because Proton Mail uses end-to-end encryption, which means resetting your password is not sufficient to gain access to your already encrypted messages.
3. Delete your Yahoo account
Given Yahoo’s abysmal track record when it comes to security, and the fact that Yahoo has previously willingly abetted and assisted government mass surveillance efforts, Yahoo is not a company that should be trusted with your personal data and communications.
To protect yourself from identity theft, the disclosure of sensitive personal communications, and other threats, you can simply remove this vulnerability by deleting your Yahoo account. This is something that we strongly recommend doing, especially since there exists other more secure Yahoo Mail alternatives such as Proton Mail which are also available for free.
With these steps, you can protect your private email communications and your entire digital life from suffering any ill effects as a result of the Yahoo hack. If you are a business owner, we also recommend checking out our guide on how to prevent email hacking.
The Proton Mail Team
You can get a free secure email account from Proton Mail here.
We also now provide a free VPN service.