Yahoo Confirms Massive Data Breach 500M Users Affected

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
As expected, Yahoo announced today that the massive data breach reported earlier this summer was far worse than expected with some 500 million users affected. Yahoo essentially sat on this information since the breach knowing that user's names, birthdays, email addresses, telephone numbers, hashed passwords and unencrypted security questions and answers were all compromised. :(

We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.
 
Only thing I have a yahoo account for is Flickr. Should probably change my password, but I really have nothing of consequence on there.
 
delita said:
500M accounts that have not been accessed since the release of Gmail.

Seriously, who uses Yahoo anymore?
Click to expand...


Well, their accounts are universal. So if you use any of their services, they are all tied together. I have a yahoo account only for Flickr. Way back in the day I used it for Yahoo Instant Messenger a little too, butt that's about it.

There are other services in the Yahoo family as well.

So, don't think of this only as email.
 
I probably haven't signed into my email since 2014.
I just opened it and remembered why I don't use it. Nothing but Spam and Facebook notifications.
 
delita said:
Seriously, who uses Yahoo anymore?
Click to expand...

Many people, usually without realising it. Many places, like British Telecom, outsource or used to outsource their consumer email services to the likes of Yahoo.
 
Ruh roh Raggie, trouble brewing! From a twitter post from Verizon:

Within the last two days, we were notified of Yahoo's security incident. We understand what Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact. We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities. Until then, we are not in [a] position to further comment.
Click to expand...
 
I hate security questions because they make your account less secure, not more. Its just another way to allow access to your account. And apparently just as obtainable via hacking as your password. And many times more likely to be duplicated on multiple sites even when you use unique passwords on all of them.
 
Incredible.

....but wait until Facebook gets hit.

That's a billion right there, maybe :p
 
EODetroit said:
I hate security questions because they make your account less secure, not more. Its just another way to allow access to your account. And apparently just as obtainable via hacking as your password. And many times more likely to be duplicated on multiple sites even when you use unique passwords on all of them.
Click to expand...

Well I use random answers anyway...nothing close to real stuff.
 
delita said:
500M accounts that have not been accessed since the release of Gmail.

Seriously, who uses Yahoo anymore?
Click to expand...

At least 500 million people. One of the reasons Verizon wanted to buy it. A lot more users for their data collection network to harvest and pitch to advertisers.
 
EODetroit said:
I hate security questions because they make your account less secure, not more. Its just another way to allow access to your account. And apparently just as obtainable via hacking as your password. And many times more likely to be duplicated on multiple sites even when you use unique passwords on all of them.
Click to expand...

Back in 2008, Sarah Palin's email address ([email protected]) was compromised due to her security questions. Now, just why she was running her Government correspondence through a private email address is beyond me.



Not exactly all that relevant to Yahoo's data breach, but interesting nonetheless.
 
EODetroit said:
I hate security questions because they make your account less secure, not more. Its just another way to allow access to your account. And apparently just as obtainable via hacking as your password. And many times more likely to be duplicated on multiple sites even when you use unique passwords on all of them.
Click to expand...

"We require at least a 32 digit alphanumeric password with 3 unique ascii characters, two capital letters, 3 numbers. Oh and security question is "What city were you born in". Most of their questions, if you answer correctly, are mostly public record items.
 
"Do you Yahoo!?"

Nope. Removed my account a long, long time ago.
 
Dead Parrot said:
At least 500 million people. One of the reasons Verizon wanted to buy it. A lot more users for their data collection network to harvest and pitch to advertisers.
Click to expand...

I wonder if Verizon knew about the breach when they bought it? I would think full disclosure on a corporate sale means full disclosure. . . .I wonder if all the bidders for Yahoo at the time knew it?
 
Darunion said:
"We require at least a 32 digit alphanumeric password with 3 unique ascii characters, two capital letters, 3 numbers. Oh and security question is "What city were you born in". Most of their questions, if you answer correctly, are mostly public record items.
Click to expand...

I vary the security question's answers so that even a search through public records won't be of any use. For example, if I were born in, say, Apache Junction, then I'd answer a question asking in which city I was born with "Comanche Function."
 
Deadly Ramon said:
I vary the security question's answers so that even a search through public records won't be of any use. For example, if I were born in, say, Apache Junction, then I'd answer a question asking in which city I was born with "Comanche Function."
Click to expand...
my answer would be something weird like what city was I born in?
ans: meatgrinders69!
 
I have a yahoo account because there are still a couple very good yahoo groups out there. I never use my yahoo email for anything and it is always empty accept for group updates which is now rare.
 
Quartz-1 said:
Many people, usually without realising it. Many places, like British Telecom, outsource or used to outsource their consumer email services to the likes of Yahoo.
Click to expand...
Yeah, I used to have a BT Yahoo! account (technicaly I still do but I don't use it), but my current ISP, Sky, uses Yahoo for their mail system too. Gonna have to ask them about this.
 
delita said:
500M accounts that have not been accessed since the release of Gmail.

Seriously, who uses Yahoo anymore?
Click to expand...
I used my yahoo account as a burner to sign up for contests and "questionable" sites.

But since I didn't hear this account was the source of the breach until now, I spent the last two days changing the passwords on dozens of online logins.

Thanks Yahoo!
 
You must log in or register to reply here.
Back
Top