Yahoo Says Hackers Stole Information From Over 1 Billion Accounts (go.com) 71
An anonymous reader quotes a breaking report from ABC News: Yahoo says it believes hackers stole data from more than one billion user accounts in August 2013. The Sunnyvale, California, company says it's a different breach from the one it disclosed in September, when it said 500 million accounts were exposed. That new hack revelation raises questions about whether Verizon will try to change the terms of its $4.8 billion proposed acquisition of Yahoo. Yahoo says the information stolen may include names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.
If this deal doesn't collapse... (Score:5, Insightful)
Re: (Score:2, Insightful)
It's pathetic that they claim bank account information is likely safe, but the combination of personal data _plus security questions and answers_ opens a whole new field.
That's why I never give my real birthdate, location, or real answers the security questions. I don't even use the same answers across different services. It's really an obvious weakness whenever you consider that a hacker could potentially build up a pretty detailed personal history on you just by collecting all the answers to security qu
Re: If this deal doesn't collapse... (Score:1)
Plus security questions such as mother's maiden name or name of pet are completely useless nowadays thanks to how much people share on social networks along with freely available public info sites.
Re: (Score:2)
Not necessarily. I've never had a pet, but the one I "borrow" died long before social media. No way they'll find its name there.
Re:If this deal doesn't collapse... (Score:5, Informative)
I agree completely. My password manager comment section is full of randomly generated passwords to answer those damn "security" questions.
"In what city were you born?" "cnf3kPiDkYDeYUur"
Re: (Score:2)
How do you say that when talking? :O
Re:If this deal doesn't collapse... (Score:5, Funny)
Cleveland
Re: (Score:1)
What makes you think Verizon isn't already "in on it?"
Re: (Score:2)
Verizon ought to can its proposed purchase: didn't they buy AOL recently? Aside from that, I'm glad that I finally migrated and closed my Yahoo account
Re: (Score:2)
Maybe they are going to revise their bid to something more realistic now, like $9.50.
Who am I kidding, you would have to pay me to take Yahoo away.
Yahoo should simply cease to exist (Score:3, Insightful)
It has utterly failed in every conceivable way. File for bankruptcy.
Re:Yahoo should simply cease to exist (Score:5, Funny)
They haven't caused a major oil or chemical spill, so strictly speaking they haven't failed in every conceivable way!
Re: (Score:2)
The search service sucks, the mail service blows, and the news is anything but the news. I see no reason for them to exist.
Re:Yahoo should simply cease to exist (Score:5, Interesting)
I see no reason for them to exist.
I do. They are a great site for throwaway email accounts, so I can make one-time-use of sites that insist that I "create an account". Of the billion compromised accounts, I suspect that only a small percentage are currently used by real people.
Re: (Score:3)
That is what the mailinator.com is for.
Re: (Score:2)
Pffff... the following in /etc/mail/virtusertable is faster for me :-)
dummy.me@ghost.mydomain.com realme@mydomain.com
Re:Yahoo should simply cease to exist (Score:4, Informative)
I'm finding more and more places that won't accept mailinator.com when registering, including its various alternate domains (there's a project that keeps an updated list). A lot of sites now completely disallow signing up through Tor, too. In order to make a Bugzilla account to report something anonymously, I had to first create a Github account, which you can do over Tor, and then use that to authenticate to Bugzilla. Fucking annoying.
Re: (Score:1)
Not any more - now they require a mobile phone number to create a new account.
Re:Yahoo should simply cease to exist (Score:4, Funny)
They haven't caused a major oil or chemical spill, so strictly speaking they haven't failed in every conceivable way!
It is annoying. People that overuse hyperbole should be literally shot. :)
Re: (Score:2)
To be fair, Yahoo has failed in every conceivable way a Internet tech company could fail. I'm eagerly awaiting the Yahoo afterlife, as a patent-trolling zombie owned by shady lawyers working out of East Texas.
Re: (Score:2)
Re: (Score:1)
Yahoo is doing fine (Score:2)
Now that Yahoo have warned their users it's those users who are responsible for changing their passwords. Not Yahoo's problem.
Shame about the publicity though, but you can't have everything.
Why though? (Score:3)
Why would Verizon care if a company they are buying is horribly insecure? Especially when Yahoo's users don't seem to care.
Re: (Score:3)
Re:Why though? (Score:4, Funny)
Why would Verizon care if a company they are buying is horribly insecure? Especially when Yahoo's users don't seem to care.
They might see it as a plus! "Finally, customers we can really abuse that will put up with it!"
Re: (Score:2)
Yeah, but Yahoo users are notorious cheapskates. About all they are good for blasting with ads and tricking with fake news.
Re: (Score:2)
Why would Verizon care if a company they are buying is horribly insecure?
They don't care. They just want an excuse to make Yahoo lower their price. Verizon's primary reason for the purchase is to "buy" the users. They'll argue the hack is reducing the value of the Yahoo brand name and causing people to leave the service over the poor security.
The company says it believes bank-account ... (Score:4, Insightful)
...The company says it believes bank-account information and payment-card data were not affected....
Geesh. Given the history of yahoo attacks and their announcements, give it a few weeks and then we'll probably see yet another announcement from yahoo about how hackers got bank account info and payment data. It has become apparent that Yahoo may not possess the ability to run an online portal securely.
Re: (Score:2)
Does the NSA [theguardian.com] count?
That said, at least some of this could be 'spin' (at least the way it's being publicized) so Verizon can pick up Yahoo for millions off the asking price, just like Nissan did to Mitsubishi before their merger.
Re:$39 Billion in market cap (Score:5, Informative)
I don't see how Yahoo has $39 billion in market cap.
Yahoo was an early investor in Alibaba, and owns about 15% of Alibaba's stock. If you subtract out the value of that stock, the rest of Yahoo actually had negative value prior to Verizon's offer.
Lies. (Score:2)
They sold that shit. Again.
Re: (Score:2)
Somebody stole my Hope Diamond.
payment information? (Score:1)
> bank-account information and payment-card data were not affected.
Anyone in their clear mind pays for anything from Yahoo?
Re: (Score:2)
Over the years I've bought a few items from a mail-order vendor [3btech.net] that uses Yahoo! for their checkout/payment. Nothing since the breach in question, though... their deals haven't been that good recently.
Yahoo! also offers "premium" mail service, no ads, IMAP access may be a premium-only feature.
Luckily, there's a precedent. (Score:1)
Re: (Score:1)
Wait (Score:1)
Re: (Score:2)
I think you might be onto something here.
I don't have a Yahoo account. I've used some Yahoo services, but always anonymously. So, no login to steal. I just received "Important Security Information for Yahoo Users". Which instructs me to go to a Yahoo account page and change my password and security questions. Well, I don't have one. But I'm willing to bet that Yahoo's account maintenance page will walk me through setting one up, should I bother to visit it. I'm not even going there to confirm that they hit
why now? (Score:1)
Re: (Score:3, Funny)
Seems to indicate major incompetence.
Hush, you fool! If you imply that a female CEO is anything less than amazing you'll have the SJW's showing up to protest our misogyny!
OH GOD, IT'S TOO LATE! Here they come! HOW DID THEY MAKE THOSE SIGNS SO FAST?!?
Re: (Score:2)
Not to mention that this happened before the one everyone thought was so bad.
This explains the sudden uptick in SPAM . . . (Score:2)
I wonder what they do with the abuse reports I manually submit via Yahoo's 'blessed' spam reporting site [yahoo.com]? Pretty sad that they won't just check "abuse@yahoo.com" - I wonder what happens to reports which get sent to that altogether predictable and logical address?
Everett Dirksen (Score:2)
To paraphrase Everett Dirksen, "A billion here, a billion there, pretty soon, that's a lot of users."
(His original quote was, "A billion here, a billion there, pretty soon, you're talking real money.")
Yahoo has a billion users? (Score:2)
Re: (Score:2)
One billion user accounts - that's more than Facebook has. If that's one billion unique users, that'd be one out of seven people on this planet with a Yahoo account.
First there was news of a hack of half a billion accounts, now one billion. Most of these will be inactive (including mine - been years since I logged in to Yahoo, or even visited the site). Many of them just have to be throwaway accounts created by spammers or so.
Some races you don't want to win (Score:2)
Yahoo now reports one Brazillion accounts compromised. Someone needs to tell them that this isn't the race they want to win. Much like 'catching' a cold or 'taking' a piss, but I guess if you are losing by every other metric you find one you can excel at ? Bottom line is all of their accounts were hacked and STILL nothing of value was lost.
Time to give Marissa a raise (Score:2)
I need one of these CEO jobs. One where I can be negligent, ignoring security issues and get paid millions.
I also need one that will give me tens of millions for getting terminated for doing a crappy job.
Frankly, if I were in Yahoo's CEO position and did nothing, it would likely be better than what the existing CEO has "accomplished".
Re: (Score:2)
The point being is that you are probably not qualified.
Total count? (Score:2)
Where's my cut? (Score:5, Funny)