“An unauthorised party” breached more than one billion Yahoo user accounts in August 2013, the company said on Wednesday evening.
The incident is probably separate from the 500 million-user breach the company disclosed in September, Yahoo said in a statement posted on its website, though the company believes the hacks are connected and that the breaches are “state-sponsored”.
Yahoo said the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers.
The breach may be related to theft of Yahoo’s proprietary code, the company said. Someone had been able to build “forged cookies” – bits of code that stay in the user’s browser cache so that a website doesn’t require a login with every visit, Yahoo spokespeople wrote. The cookies “could allow an intruder to access users’ accounts without a password”.
The company is being acquired by Verizon but the sale has not been an easy one. In October, a report revealed that the company had cooperated with the NSA to scan users’ emails for keywords on behalf of the agency.
A Verizon lawyer, Craig Silliman, said that the September breach had clearly damaged Yahoo’s value and hinted that the damage ought to be reflected in the buying price. “I think we have a reasonable basis to believe right now that the impact is material and we’re looking to Yahoo to demonstrate to us the full impact,” Silliman told reporters in October. “If they believe that it’s not, then they’ll need to show us that.”
Payment card data and bank account information were not stored in the system believed to be affected, the company said. Yahoo is notifying all the users affected and asking them to change their passwords.
https://www.theguardian.com/technolo...ounts-breached