Yahoo says 1 billion user accounts have been hacked

William Gayde

Posts: 373   +5
Staff member

In what will go down as one of the largest data breaches in history, Yahoo disclosed today sensitive account information from more than 1 billion users accounts has been compromised. That's a billion, with a 'b'.

Yahoo describes the details of the breach dating back to August of 2013. The stolen data may include names, email addresses, phone numbers, dates of birth, hashed passwords, and possibly unencrypted security questions. Financial information like bank account and credit card data was stored elsewhere, and Yahoo believes that system was not affected.

In response, Yahoo announced it will notify all potentially affected users and require them to change their passwords. As for the unencrypted security questions, Yahoo has invalidated them as well. The 3-year delay in reporting the incident is troublesome nonetheless as hackers have already likely used or sold the information. Yahoo was recently in the spotlight after it disclosed in September that at least 500 million accounts had been compromised in a 2014 breach. Forensic experts do not believe that the two massive hacks are related, but Yahoo employees reportedly knew about the 2014 intrusion well before it was announced.

Also revealed in the press release is information that a third party has accessed Yahoo's proprietary code. This separate incident allowed an intruder to create forged cookies to access user accounts without the need for a password. Yahoo recommends users avoid clicking links or downloading attachments from suspicious emails that appear to be from Yahoo.

While nothing can be made totally secure, a hack of over 1 billion accounts is unprecedented. Earlier this year Verizon agreed to purchase Yahoo for $4.8 billion but there is speculation that Verizon may ask for a sizable discount.

Permalink to story.

 
Last edited by a moderator:

ikesmasher

Posts: 3,053   +1,380
Thats it. Going back in and deleting all of them. What a joke. I removed any slightest-bitsensitive info from all of them but this is too much.
 

Makson

Posts: 115   +26
Who would go to Gmail ....only those who don't mind having all their data and like & dislikes collected.....see ad preference questions and research the many other ways they track your movements.
 

Kibaruk

Posts: 3,836   +1,183
Joke's on them. My yahoo accounts are non-important troll accounts.
Hahahahahahaha!!!! This is assuming you have a separation between troll accounts and normal accounts... you left it open... :)

Why do they save passwords anyway? AFAIKS, only for NSA.
I can't stop laughing from this topics reply even if I wanted hahahahaha,

Nice present this Christmas! Thank you Yahoo! We wish you all the best!
This happened so long ago that even if they waited until january, all the damage that could've been probably done is already done =P anyone who had a yahoo account knew that just had to change passwords and so on, the security questions are a *****, reminder to not use the same everywhere.
 

OutlawCecil

Posts: 737   +562
Who would go to Gmail ....only those who don't mind having all their data and like & dislikes collected.....see ad preference questions and research the many other ways they track your movements.
Um do you realize gmail is one of the few who doesn't sell your account information to 3rd party companies? Sign up for a new Yahoo, msn, gmail ...etc account and don't ever use it. All of them will FILL with spam except for gmail, who only uses your information to help you have more relevant ads while on google. Apparently you prefer random ads that don't pertain to you. They don't add more ads, they customize them. Oh, and a robot does that, not a human. So what's your complaint exactly?
 

JaredTheDragon

Posts: 680   +433
Who would go to Gmail ....only those who don't mind having all their data and like & dislikes collected.....see ad preference questions and research the many other ways they track your movements.
Um do you realize gmail is one of the few who doesn't sell your account information to 3rd party companies? Sign up for a new Yahoo, msn, gmail ...etc account and don't ever use it. All of them will FILL with spam except for gmail, who only uses your information to help you have more relevant ads while on google. Apparently you prefer random ads that don't pertain to you. They don't add more ads, they customize them. Oh, and a robot does that, not a human. So what's your complaint exactly?
Uhm, you do realize that Gmail is Google, correct? And that Google is the NSA's company from top to bottom, and always has been? Just like Facebook is the CIA's, and the big tech companies all answer to Langley...

Amusing that you think Gmail of all products would be safer. It barely even has features.
 

OutlawCecil

Posts: 737   +562
Uhm, you do realize that Gmail is Google, correct? And that Google is the NSA's company from top to bottom, and always has been? Just like Facebook is the CIA's, and the big tech companies all answer to Langley...

Amusing that you think Gmail of all products would be safer. It barely even has features.
What planet do you live on? If you honestly believe all of that, I think you should be living somewhere secluded, in a cabin with no internet while wearing a tin-foil hat so the aliens can't get ya'.

No, the NSA doesn't own Google and no the CIA doesn't own Facebook. Yes, both can force Google and Facebook to comply using legal methods which would REQUIRE them to give over information but that is not Google or Facebook's fault. The CIA and NSA could require this from ANY company you happen to have given your information to. If you're mad at this, be mad at the laws, not the companies. But now we're getting side-tracked. I was merely talking about gmail's policy about selling your information, which they don't.

And if you think yahoo has more features than gmail, you haven't used gmail. :)
 

JaredTheDragon

Posts: 680   +433
What planet do you live on? If you honestly believe all of that, I think you should be living somewhere secluded, in a cabin with no internet while wearing a tin-foil hat so the aliens can't get ya'.

No, the NSA doesn't own Google and no the CIA doesn't own Facebook. Yes, both can force Google and Facebook to comply using legal methods which would REQUIRE them to give over information but that is not Google or Facebook's fault. The CIA and NSA could require this from ANY company you happen to have given your information to. If you're mad at this, be mad at the laws, not the companies. But now we're getting side-tracked. I was merely talking about gmail's policy about selling your information, which they don't.

And if you think yahoo has more features than gmail, you haven't used gmail. :)
Alright, bud. Go ahead and live in your fantasy world where huge corporations actually care about you. Cecil. ;)
 

OutlawCecil

Posts: 737   +562
Alright, bud. Go ahead and live in your fantasy world where huge corporations actually care about you. Cecil. ;)
Large companies care about profit, to become larger. More "free" email accounts mean more traffic, more ad views, and name-brand popularity. So yes, this is the way the real world works. If you think the NSA and CIA care enough to monitor your facebook to see if Brad is really dating Stacy, your living in a dream world. 90% of people live extremely boring lives, those organizations are looking for more interesting content. I'm one of those boring lives, so I've got nothing to hide. Hello CIA :)
 

JaredTheDragon

Posts: 680   +433
Large companies care about profit, to become larger. More "free" email accounts mean more traffic, more ad views, and name-brand popularity. So yes, this is the way the real world works. If you think the NSA and CIA care enough to monitor your facebook to see if Brad is really dating Stacy, your living in a dream world. 90% of people live extremely boring lives, those organizations are looking for more interesting content. I'm one of those boring lives, so I've got nothing to hide. Hello CIA :)
Not really big on the news, huh? Never looked into the topic before, either? You're welcome.
 

Whack Tack

Posts: 10   +1
Kinda hard to authenticate users without being able to confirm the password they entered is correct. And they are hashed so are at least encrypted to some degree.
In Linux you have saved only hash not passwords....so there is no need for saving passwords!
 

Whack Tack

Posts: 10   +1
Hahahahahahaha!!!! This is assuming you have a separation between troll accounts and normal accounts... you left it open... :)


I can't stop laughing from this topics reply even if I wanted hahahahaha,


This happened so long ago that even if they waited until january, all the damage that could've been probably done is already done =P anyone who had a yahoo account knew that just had to change passwords and so on, the security questions are a *****, reminder to not use the same everywhere.
You may laugh, but I see that you do not understand anything.
So let me teach you.
In Linux you have saved only hash not passwords....so there is no need for saving passwords!
Can you laugh now?
 

Kibaruk

Posts: 3,836   +1,183
You may laugh, but I see that you do not understand anything.
So let me teach you.
In Linux you have saved only hash not passwords....so there is no need for saving passwords!
Can you laugh now?
Hello and welcome to grammar 101...
 

captaincranky

Posts: 16,065   +4,867
Joke's on them. My yahoo accounts are non-important troll accounts.
Frankly, I'm amazed even you can tell your "troll accounts", from your, "real accounts". Surely some of your "real personality" has to carry over.

Speaking on my own behalf, the only thing I use Yahoo Mail for, is so that I can reap the rewards of my rude posts, with rude replies to them. Keep those cards and letters pouring in folks...

On a more serious note, I was forced to change all my passwords after the last Yahoo hack. I'm hoping they don't disable my accounts and make me change my passwords again. I mean the news of this "latest hack", came after the "last hack", which actually came after this new, ("latest"), hack, if that makes any sense... :rolleyes:
 

Darth Shiv

Posts: 2,047   +630
Who would go to Gmail ....only those who don't mind having all their data and like & dislikes collected.....see ad preference questions and research the many other ways they track your movements.
At least it's securely. And at least they don't scan your photos on your device and build albums and ask you if you want to publish them. And at least they don't change your privacy settings without consent. There is plenty worse than Google out there (sadly).