Post Reply Yahoo announces MASSIVE breach - 500 million users info compromised.
1519 cr points
Send Message: Send PM GB Post
M / USA
Offline
Posted 9/22/16 , edited 9/22/16
http://www.wsj.com/articles/yahoo-says-information-on-at-least-500-million-user-accounts-is-stolen-1474569637

User names, hashed passwords, security questions, name/address/phone number, etc.

Seems like Yahoo intentionally withheld this information so the company could be sold to Verizon Communications for more money.


Yahoo Inc. disclosed a massive security breach by a “state-sponsored actor” affecting at least 500 million users, potentially the largest such data breach on record and the latest hurdle for the beaten-down internet company as it works through the sale of its core business.

Yahoo said certain user account information—including names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers—was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor.

Yahoo said it is notifying potentially affected users and has taken steps to secure their accounts by invalidating unencrypted security questions and answers so they can’t be used to access an account and asking potentially affected users to change their passwords.

Yahoo recommended users who haven’t changed their passwords since 2014 do so. It also encouraged users change their passwords as well as security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account.

The company, which is working with law enforcement, said the continuing investigation indicates that stolen information didn't include unprotected passwords, payment-card data or bank account information.

With 500 million user accounts affected, this is the largest-ever publicly disclosed data breach, according to Paul Stephens, director of policy and advocacy with Privacy Rights Clearing House, a not-for-profit group that compiles information on data breaches.

No evidence has been found to suggest the state-sponsored actor is currently in Yahoo’s network, and Yahoo didn’t name the country it suspected was involved. In August, a hacker called “Peace” appeared in online forums, offering to sell 200 million of the company’s usernames and passwords for about $1,900 in total. Peace had previously sold data taken from breaches at Myspace and LinkedIn Corp.

A Yahoo spokesman said at the time that the company was aware of the claim and was “working to determine the facts.”

In 2012, Yahoo had more than 1 billion user accounts in its databases. User passwords were protected via a cryptographic algorithm called MD5, which can be cracked using the latest password-breaking techniques, said a source familiar with the situation.

The company in 2012 dealt with a data breach that allowed a hacker group to download 453,000 unencrypted usernames and passwords.

Last year, Yahoo launched a program to detect and notify users when it strongly suspects that a state-sponsored actor has targeted an account. Not including the current investigation, roughly 10,000 users have been notified.

Verizon Communications Inc. in July agreed to buy Yahoo’s Web assets for $4.83 billion in cash, ending a drawn-out process of trying to split the beleaguered internet company from its lucrative stake in Alibaba Group Holding Ltd.

The price, which includes Yahoo’s core internet business and some real estate, capped a remarkable fall for the Silicon Valley web pioneer that had a market capitalization of more than $125 billion at the height of the dot-com boom in early 2000.

Verizon on Thursday said it was notified of Yahoo’s security incident within the last two days but has “limited information and understanding of the impact.”

“We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities,” Verizon said.

B. Riley & Co. analyst Sameet Sinha said the breach is unlikely to affect terms of the Verizon deal.

“Data breaches have become part of doing business now,” he said, adding that LinkedIn still fetched a “nice” premium in June, getting a $26.2 billion buyout deal from Microsoft Corp. , following the May disclosure that it had underestimated the broad impact of its 2012 data breach.

Yahoo and Verizon will need to “provide extensive communications and help to consumers to make sure passwords are changed quickly and of course bolster their security,” said Mr. Sinha.

Data breaches are on the rise in the U.S., affecting companies from Target Corp. to Verizon Enterprise Solutions and putting millions of users’ information at risk. National nonprofit Identity Theft Resource Center reported 687 breaches exposing roughly 28.8 million records through Tuesday this year. The Federal Bureau of Investigation and cybersecurity experts say they are seeing a notable increase in ransomware, but there appears to be no single cause for the increase.

Shares of Yahoo fell 0.3% to $44.02 in afternoon trading, while shares of Verizon added 1% to $52.39.
10652 cr points
Send Message: Send PM GB Post
Offline
Posted 9/22/16
Damn those pink carnelian bastards.
444 cr points
Send Message: Send PM GB Post
17 / M
Offline
Posted 9/22/16
Bad people
846 cr points
Send Message: Send PM GB Post
F / somewhere on earth
Offline
Posted 9/22/16
Never had a Yahoo account, so I'm good
488 cr points
Send Message: Send PM GB Post
43 / M / Washington State
Offline
Posted 9/22/16
I love how we're just finding out about this. I've changed my password since then so I'm not too worried.
31154 cr points
Send Message: Send PM GB Post
30 / M
Offline
Posted 9/22/16
People still use Yahoo? Wow, I learned something new today...
3606 cr points
Send Message: Send PM GB Post
29 / F / Chicagoland ~
Offline
Posted 9/22/16
Late 2014? Glad I never use my Yahoo password for anything else besides other free accounts I don't care about. I have an email address through them specifically for trash mail and store mail stuff.
827
1497 cr points
Send Message: Send PM GB Post
17 / F / Sutton, MA // Cas...
Offline
Posted 9/22/16
welp rip my 3 yahoo accounts i dont use
19849 cr points
Send Message: Send PM GB Post
69 / M / Limbo
Offline
Posted 9/22/16 , edited 9/22/16
must move nudes
37970 cr points
Send Message: Send PM GB Post
M
Offline
Posted 9/22/16
I am trying to remember my yahoo password
7189 cr points
Send Message: Send PM GB Post
Earth
Offline
Posted 9/22/16
People actually use Yahoo these days?
32389 cr points
Send Message: Send PM GB Post
24 / M / St.Louis - USA
Offline
Posted 9/22/16
dang
51521 cr points
Send Message: Send PM GB Post
20 / M
Offline
Posted 9/22/16
I didn't even know 500 million people still used Yahoo in 2014.
5449 cr points
Send Message: Send PM GB Post
54 / M / Tacoma, WA. wind...
Offline
Posted 9/23/16
and you are surprised by this?
You must be logged in to post.