September 2016

Yahoo Account Information Breach

What Happened?

In late 2014, state-sponsored hackers obtained account information (including names, phone numbers, security challenge questions with answers, and hashed passwords) for 500 million Yahoo accounts.

What is the Risk?

While the passwords exposed were hashed, weak or short passwords will be compromised over time by password cracking tools.

Despite the fact that Yahoo has invalidated them on their servers, exposed security questions and answers may be used to reset passwords for other

Dropbox Password Leak

While Dropbox is not approved for Harvard data, we realize many members of the community use it for personal data. For University data, you may use departmental shares or Harvard’s instances of Google Drive, OneDrive, and SharePoint.

What Happened?

A security incident at Dropbox in 2012 resulted in the breach of 60+ million email addresses and password hashes. Dropbox has forced password resets for affected users.

What is the Risk?

While the risk to Dropbox accounts has been removed by Dropbox’s password reset, any