Yahoo Topped Record List of Data Breaches in 2016, Report Finds

Today's topics include a security report that shows the theft of 1.5 billion Yahoo user records helped make 2016 a record year for data breaches, Facebook’s announcement that it is implementing Security Key technology, the Office 365 Threat Detection feature that warns users of unsafe email links and Platform9’s new managed Kubernetes service to enable serverless computing for users.

The reported breaches at Yahoo exposed approximately 1.5 billion records, which along with a handful of other immense breaches, made 2016 a record year for data loss, according to a report released by security firm Risk Based Security on Jan. 25.

The report collected and sifted through 4,149 confirmed breach reports from a variety of sources, finding that at least 4.2 billion records were potentially compromised in 2016, up from approximately 1.0 billion in 2013, the previous record.

While the total number of reported data breaches held steady over the past few years, the average breach exposed more records than previous years, Inga Goddijn, executive vice president at Risk Based Security, told eWEEK.

Facebook announced on Jan. 26 that it is supporting Security Key technology in an effort to improve security and reduce the risk of user account takeovers.

With an increasing volume of data breaches that have leaked user passwords, the need for strong authentication methods, beyond just a simple username and password, has become increasingly apparent.

The new U2F support provides the option for Facebook users to use a USB security key that is plugged into a device, in order to gain secure access. The U2F standard was first announced by the FIDO Alliance in December 2014 as a method to help improve strong authentication.

With a U2F security key, a user does not need to wait for an SMS message or a code from an application, either of which could potentially be intercepted by an attacker.

In an update to Microsoft's email security service, Office 365 Advanced Threat Protection, the software giant is making it tougher for dangerous links within email messages to escape attention.

The company has announced the availability of a new feature dubbed URL Detonation, which builds on the product's existing URL reputation analysis and scanning capabilities to alert users when a suspicious link appears in an email.

"If the user clicks a link during the scan, the message 'This link is being scanned' is displayed," explained the Microsoft Office 365 in a blog post. "If the link is identified as malicious after the scan, a pop-window opens notifying the user that the file is malicious and warns the user against opening it.”

In the event users ignore the warning and click on dangerous URLs, administrators can mitigate the damage by setting a Safe Links tracking policy within Advanced Threat Protection.

The emerging world of serverless computing could soon see another viable option if the open-source Fission effort that Platform9 is helping to lead is successful. Serverless computing, also sometimes referred to as event driven programming, is a model of cloud services deployment that doesn't require dedicated servers to run application functions.

Platform9 first emerged from stealth mode in August 2014, with the promise of helping to make it easier to manage OpenStack based cloud deployments.

Platform9 has continued to evolve its management platform and has officially announced the general availability of its managed Kubernetes service, which first entered into beta in July 2016. The evolving open-source Fission effort makes use of Kubernetes to enable serverless capabilities for users.