[WARNING] 500 Million Yahoo Accounts Hacked by “state-sponsored actor”"

nlinecomputers

nlinecomputers

Well-Known Member
Reaction score
8,590
Location
Midland TX
http://lifehacker.com/500-million-yahoo-accounts-hacked-change-your-password-1786958537

500 Million Yahoo Accounts Hacked, Change Your Passwords Now

Yahoo has confirmed that information from at least 500 million user accounts was stolen in 2014. While the information was leaked earlier today, it’s worse than we initially thought. If you have a Yahoo account, it’s time to change your password.


Yahoo is notifying potentially affected users right now, but the information that was accessed by what they’re calling a “state-sponsored actor” includes tons of personally identifiable information, though thankfully no credit card numbers or bank account information was accessed. Here’s what Yahoo released today:

A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.

Instead of waiting from that email from Yahoo to confirm your info was included in this breach, it’s best to change your password right now. Use strong passwords, get a password manager, and don’t use the same password as you do for other sites. It’s also a good time to enable two-factor authentication on that Yahoo account.

 
nlinecomputers said:
http://lifehacker.com/500-million-yahoo-accounts-hacked-change-your-password-1786958537

500 Million Yahoo Accounts Hacked, Change Your Passwords Now

Yahoo has confirmed that information from at least 500 million user accounts was stolen in 2014. While the information was leaked earlier today, it’s worse than we initially thought. If you have a Yahoo account, it’s time to change your password.


Yahoo is notifying potentially affected users right now, but the information that was accessed by what they’re calling a “state-sponsored actor” includes tons of personally identifiable information, though thankfully no credit card numbers or bank account information was accessed. Here’s what Yahoo released today:

A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.

Instead of waiting from that email from Yahoo to confirm your info was included in this breach, it’s best to change your password right now. Use strong passwords, get a password manager, and don’t use the same password as you do for other sites. It’s also a good time to enable two-factor authentication on that Yahoo account.
Click to expand...
Did you see the pucture of Marissa Myers on MSN? I thought it was someone else. That company has aged her badly.
 
nlinecomputers said:
http://lifehacker.com/500-million-yahoo-accounts-hacked-change-your-password-1786958537

500 Million Yahoo Accounts Hacked, Change Your Passwords Now

Yahoo has confirmed that information from at least 500 million user accounts was stolen in 2014. While the information was leaked earlier today, it’s worse than we initially thought. If you have a Yahoo account, it’s time to change your password.


Yahoo is notifying potentially affected users right now, but the information that was accessed by what they’re calling a “state-sponsored actor” includes tons of personally identifiable information, though thankfully no credit card numbers or bank account information was accessed. Here’s what Yahoo released today:

A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.

Instead of waiting from that email from Yahoo to confirm your info was included in this breach, it’s best to change your password right now. Use strong passwords, get a password manager, and don’t use the same password as you do for other sites. It’s also a good time to enable two-factor authentication on that Yahoo account.
Click to expand...
Hmmmm.
I wonder if it is just Yahoo accounts or also ISPs that use Yahoo Email servers.
For example, Rogers is a very large ISP up here in Canada and you access your Web Mail at rogers.yahoo.com.
 
Wow I never realized that yahoo was hosting email for ISP! That stinks. Fortunately this won't affect the business clients too much... except I'm sure plenty of them have personal yahoo accounts and use the same passwords for their work stuff. Oof. Thanks again, Yahoo.
 
In my opinion, the big problem isn't really the stolen passwords, names, birthdays. Really we should be used to that stuff by now.

The bigger problem may be the loss of "...in some cases, encrypted or unencrypted security questions and answers" Since security questions and answers are often pretty common between websites, that might be more problematic in the long term. And "in some cases" isn't defined. Maybe 100 accounts. Maybe 200 million accounts.

How often do we see, and answer, the same or very similar security questions over and over . . .

First job?
Mother's maiden name?
High School?
Where you met your spouse?
Etc, etc.
 
Add with that the common mistake of password reuse and you start the see the problems. Example: TeamViewer I am convinced that TV was correct and no one hacked their network. Just a smart hacker who thought to try the same passwords on TV accounts as the list from LinkedIN.
 
You must log in or register to reply here.

Similar threads

Porthos
[WARNING] Dell Systems Hacked to Steal Customer Information
Replies
1
Views
705
Markverhyden
Markverhyden
LedHed
[TIP] Hacked Yahoo Acct? Check Filters
Replies
7
Views
1K
LedHed
LedHed
HCHTech
Shared folder access by equipment
Replies
16
Views
3K
nerd2u
nerd2u
Your PCMD
U.S. Breaks Up Fake I.R.S. Phone Scam Operation
Replies
5
Views
1K
Porthos
Porthos
SOHOtechRob
LastPass Vulnerability
Replies
10
Views
2K
drpcfix
drpcfix
Back
Top