On Sept. 22, Yahoo Inc. announced on its official Tumblr and Twitter accounts that it had confirmed a hack from late 2014 that copied information, including account passwords, security questions and answers, from 500 million user accounts. The announcement comes after a challenging several months for the tech giant, which Verizon agreed to acquire in July 2016 for $4.8 billion.
Yahoo also took a traditional PR route to announce the leak, using a wire service for a press release and tweeting a link to an official statement from the company's chief information security officer. Messaging around the hack took a two-tiered approach: "Here's what we're doing to investigate, and here's what users can do to protect themselves."
An important message about Yahoo account security https://t.co/gu6qdp3KMW
— Yahoo Inc. (@YahooInc) September 22, 2016
In the release, after promising it would do its part to investigate the source of the hack and notify all affected users, Yahoo put the onus on users to be proactive about their own security, reviewing accounts for suspicious activity and recommending users employ the tech company's password-less authentication tool.
Hacks have become an all-too-common reality, with Colin Powell's email breach, the DNC leak and Panama Papers scandal all taking center stage in the mainstream media in 2016 alone. With cybersecurity threats on the rise, communicators in every industry should have a crisis response plan in place in case of a breach.
Issuing periodic reminders for users to change their passwords, listing cybersecurity best practices on a company website and maintaining an internal list or company-wide policy recommending or enforcing the use of password encryption and management tools like LastPass are all proactive steps communicators can take to prepare for the worst-case scenarios.
Follow Sophie: @SophieMaerowitz
Follow Ian: @IanWright0101