How the Yahoo Breach Impacts Your Online Business
By Kevin Lee /
20 Dec 2016
The Yahoo breach is just the latest in a long line of recent data breaches that put both individuals and businesses at risk. Last week, I published a post on how to protect your online security as a consumer. This week, I’m going to cover how you can protect your business from the impact of the Yahoo breach.
Why you should care about the Yahoo breach
It’s huge, and the information stolen has lots of potential for fraudsters. Data from 1 billion users – 3 times the size of the entire US population – has been released into the wild. That means there’s a good chance that some of your users had their information breached. There’s also a good chance that the information that was stolen (e.g., passwords) is similar to what they used to sign up for an account with your business. There are some recent reports that 73% of people use duplicate passwords.
If bad actors now have access to your users’ data, that means they can now access your site on behalf of (previously) good users. They can make your life difficult by posting bad content (like spam) and committing payment fraud, all under the name of a supposedly legitimate user.
Once your users figure out that their account with your business has been hacked (for example, if they spot a fraudulent credit card charge or a spammy message), they’re likely to lose trust in your company. They may even stop using your service. This is especially concerning for content- and community-driven merchants, because a drop in engagement could cascade into an engagement problem with all users…even if they weren’t impacted by the security issue.
How to spot a compromised account
Spotting anomalies in your customers’ behavior is key. Here are some examples of what to look for:
- Spike in transaction velocity
- Suddenly buying significantly more expensive items
- Change in shipping address (now shipping to a different country)
- Change in shipping method (everything overnight)
- Change in ‘typical’ content (posting spam)
- Login from a new device or IP
- Recent change in password
Aside from the behavioral signals, it’s also important to have workflow systems and tools in place that make it easier to spot these trends. For example, having the ability to view customer history and previous engagement on your site is crucial. Is your customer buying something that costs 10X more than their usual purchase amount? Are they posting content or reviews that are completely unrelated to previous posts?
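The signals listed above can be turned into simple per-account checks that compare a new event against that account’s own history. The following is an added example written for this post, not Sift Science code; the event format, field names, and thresholds (10X the usual order amount, a 3X jump in daily order velocity, a password change within the previous 48 hours) are assumptions chosen for illustration, and the event history is constructed.

```python
"""Account-takeover signal checks over a per-account event history.

Hypothetical example, not Sift Science code. Each event is a dict with an
ISO-8601 timestamp, an event type, and type-specific fields. All data
below is constructed for illustration.
"""
from datetime import datetime, timedelta
from statistics import median

# Thresholds are assumptions for this example, not published values.
HIGH_VALUE_MULTIPLIER = 10          # "10X more than their usual purchase"
VELOCITY_WINDOW = timedelta(hours=24)
VELOCITY_MULTIPLIER = 3             # orders in window vs. busiest earlier day
PASSWORD_CHANGE_WINDOW = timedelta(hours=48)


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def _orders(events):
    return [e for e in events if e["type"] == "order"]


def _daily_counts(orders):
    """Number of orders per calendar day."""
    counts = {}
    for o in orders:
        day = _ts(o).date()
        counts[day] = counts.get(day, 0) + 1
    return counts


def signals(history, event):
    """Return the takeover signals that `event` trips, given the account's
    earlier events in `history` (list of dicts, any order)."""
    flags = []
    now = _ts(event)
    past_orders = _orders(history)

    if event["type"] == "login":
        # Login from a device or IP this account has never used before.
        seen_devices = {e["device"] for e in history if e["type"] == "login"}
        seen_ips = {e["ip"] for e in history if e["type"] == "login"}
        if event["device"] not in seen_devices or event["ip"] not in seen_ips:
            flags.append("new_device_or_ip")

    if event["type"] == "order" and past_orders:
        # Suddenly buying something far more expensive than usual.
        usual = median(o["amount"] for o in past_orders)
        if event["amount"] >= HIGH_VALUE_MULTIPLIER * usual:
            flags.append("high_value_order")
        # Shipping to a country this account has never shipped to.
        if event["country"] not in {o["country"] for o in past_orders}:
            flags.append("new_shipping_country")
        # Overnight shipping from an account that never used it before.
        if event["shipping"] == "overnight" and all(
            o["shipping"] != "overnight" for o in past_orders
        ):
            flags.append("expedited_shipping")
        # Velocity spike: orders in the last 24h (including this one) compared
        # with the busiest day *before* that window.
        recent = [o for o in past_orders if now - _ts(o) <= VELOCITY_WINDOW]
        older = [o for o in past_orders if now - _ts(o) > VELOCITY_WINDOW]
        busiest_day = max(_daily_counts(older).values(), default=0) or 1
        if len(recent) + 1 >= VELOCITY_MULTIPLIER * busiest_day:
            flags.append("velocity_spike")

    # A password change shortly before the action is a classic takeover precursor.
    for e in history:
        if e["type"] == "password_change":
            age = now - _ts(e)
            if timedelta(0) <= age <= PASSWORD_CHANGE_WINDOW:
                flags.append("recent_password_change")
                break
    return flags


def risk_level(flags):
    """Coarse triage bucket; a real system would weight signals, not count them."""
    if len(flags) >= 3:
        return "high"
    if flags:
        return "medium"
    return "low"


# Constructed history for one hypothetical account (IPs from documentation ranges).
HISTORY = [
    {"ts": "2016-11-01T10:00:00", "type": "login", "device": "iphone-7", "ip": "203.0.113.5"},
    {"ts": "2016-11-01T10:05:00", "type": "order", "amount": 40.0, "country": "US", "shipping": "standard"},
    {"ts": "2016-11-20T18:30:00", "type": "login", "device": "iphone-7", "ip": "203.0.113.5"},
    {"ts": "2016-11-20T18:35:00", "type": "order", "amount": 55.0, "country": "US", "shipping": "standard"},
    {"ts": "2016-12-10T09:00:00", "type": "order", "amount": 35.0, "country": "US", "shipping": "standard"},
    {"ts": "2016-12-15T02:10:00", "type": "password_change"},
]

# Constructed events: a login from unfamiliar device/IP minutes after the
# password change, then a large overnight order to a new country ("XX" is a placeholder code).
SUSPECT_LOGIN = {"ts": "2016-12-15T02:12:00", "type": "login", "device": "windows-pc", "ip": "198.51.100.77"}
SUSPECT_ORDER = {"ts": "2016-12-15T02:20:00", "type": "order", "amount": 600.0, "country": "XX", "shipping": "overnight"}

if __name__ == "__main__":
    for ev in (SUSPECT_LOGIN, SUSPECT_ORDER):
        f = signals(HISTORY, ev)
        print(ev["type"], risk_level(f), f)
```

The checks deliberately use the account’s own baseline (median order amount, countries and shipping methods previously used, busiest earlier day) rather than global thresholds, which is what lets a long-standing customer’s sudden change in pattern stand out even when each individual value would look normal for a new account.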
Account takeovers are a growing trend that many online businesses may not be on the lookout for. We’re so used to spotting new, fake accounts doing shady things that we tend to overlook suspicious behavior from existing customers who have been with us for months – if not years. Meanwhile, we may also get pressure to keep the experience as frictionless as possible (especially for good customers) and let orders through as quickly as possible.
A side effect of focusing on stopping fake accounts is that we’ve pushed bad actors into hacking existing user accounts to accomplish their nefarious goals. In fact, many merchant systems may be built in such a way that they do not monitor long-standing accounts that have turned to the dark side. This puts even more pressure on leveraging fraud-prevention systems that have the ability to see the complete picture.
May the Force be with you.
Kevin is the Trust and Safety Architect at Sift Science. Building high-performing teams and systems to combat malicious behavior are what drive him. Prior to Sift, Kevin worked as a manager at Facebook, Square, and Google in various risk, spam, and trust and safety roles.