Yahoo is expected to confirm massive data breach, impacting hundreds of millions of users
Source: Recode
Yahoo is poised to confirm a massive data breach of its service, according to several sources close to the situation, hacking that has exposed several hundred million user accounts.
While sources were unspecific about the extent of the incursion, since there is the likelihood of government investigations and legal action related to the breach, they noted that it is widespread and serious.
Earlier this summer, Yahoo said it was investigating a data breach in which hackers claimed to have access to 200 million user accounts and were selling them online. "It's as bad as that," said one source. "Worse, really."
The announcement, which is expected to come this week, also has possible larger implications on the $4.8 billion sale of Yahoo's core business, which is at the core of this hack, to Verizon. The scale of the liability could be large and bring untold headaches to the new owners. Shareholders are likely to worry that it could lead to an adjustment in the price of the transaction.
Read more: http://www.recode.net/2016/9/22/13012836/yahoo-is-expected-to-confirm-massive-data-breach-impacting-hundreds-of-millions-of-users
True Dough
(17,331 posts)I kick myself for still having an old Yahoo account. It has been hacked several times. Even after changing passwords, I have received emails and calls from friends saying that they've received possibly virus-laden spam from my account.
I've been reluctant to delete that Yahoo account because I always think there will be something of value sent there and not to my gmail account, but the article in the OP is the last nudge I need to shut down that Yahoo account completely.
riversedge
(70,306 posts)have to make some major switch overs to shut it down. damn
True Dough
(17,331 posts)But the account is technically still in existence for three months. This is the message I received upon deletion:
You no longer have access to this account, which will be deleted from our user database in approximately 90 days. This delay is necessary to discourage users from engaging in fraudulent activity.
getagrip_already
(14,838 posts)They have to retain data for 90 days in case the law wants to see what was in there. Been that way for a while.....
True Dough
(17,331 posts)They'll read about my sister and I kvetching about the weather? Go right ahead, NSA guys. Enjoy.
getagrip_already
(14,838 posts)But the intent is to be able to go back after they uncover a crime and see who else might be involved, or what else was going on.
For example, someone deletes all their social media accounts and emails and then goes out and shoots up a school. They want the ability to go back and reconstruct what led up to the shooting.
But.... What it really leads to is the belief that they own all of your data if you are ever accused of any kind of crime. You can be prosecuted for deleting data before any crime is investigated as though you willfully did it after it was clear the authorities would be interested in it.
They reach too far imho.
True Dough
(17,331 posts)but I have nothing to hide and have no intent to commit a crime, so I'm not concerned about anything showing up on their radar. If I did do something heinous, I would forfeit my right to privacy to a degree, just like I forfeit my right to freedom after being imprisoned.
getagrip_already
(14,838 posts)They can and do get secret access to email accounts just on the suspicion that you did something. It's a 4th amendment issue.
The gov't can't come into your home and rifle through all of your correspondence and documents without a VERY good reason and a specific search warrant.
That doesn't exist for your soft data. They can get an open ended secret warrant, and put your isp under a gag order, and keep you under surveillance pretty much forever, without you ever knowing.
You don't have to do anything wrong. They just have to acquire an interest in you.
And if Trump gets into office, they can get interested just because you criticize him.
ginnyinWI
(17,276 posts)I get very little spam, and it goes into the spam folder anyway. I like gmail because it is reliable, you can have your emails come in pre-sorted into Primary, Social, Promotions, and Updates. Primary is from actual people. Social is notifications from social media. Promotions is for things you sign up for like Panera Bread offers. Updates are for things like your Amazon order that has shipped.
It is also Android friendly and I have it on my Android phone seamlessly.
apnu
(8,758 posts)But is under constant attack. Individual accounts are breached daily at GMail. I've not heard Google disclose a breach yet, but give them time, it will happen. Nobody and nothing is safe.
Please, if you don't already, use a password manager and have unique passwords for all of your various logins online. That will mitigate the damage when a breach occurs.
Most individual account hacks come from a breach (say Dropbox) and then hackers try those stolen passwords on other sites like GMail and get in that way. It's become commonplace these days.
Last Pass works pretty well.
davepdx
(224 posts)or are they accounts using passwords only and are thus guessable? I've not seen any hard data on the frequency of account hacking for any email provider comparing the use of only passwords versus the use of passwords and 2 factor authentication. I think it is silly to not be using 2 factor authentication myself as that adds another security layer. I have it on all my email accounts including Yahoo so I will be curious to see what type of accounts have been exposed.
apnu
(8,758 posts)Doesn't mean it won't happen sometime in the future, anything is possible. The more complicated a system gets, the more attack vectors it has. Two factor auth isn't a panacea, it never will be.
But two factor auth, if an option, is usually a smart option to take, if you don't mind putting up with it. It's one of the best, widely used options available to us.
The problem with that is, many people hate it. It's more security than they want to put up with and avoid it if possible. That is until they are compromised somewhere important to them, then they're all in for 2-factor.
I do unique passwords and 2-auth wherever I can.
davepdx
(224 posts)I agree that 2 factor authentication isn't a panacea and I agree with your overall perspective here. I just wasn't aware of any widespread circumvention of 2 factor authentication to date. There are ways to circumvent it but those that I am aware of require control of or access to the person's cell phone, landline telephone or even their email (where authorization codes could be sent).
2 factor authentication is a bit of a hassle but it is certainly far better than not using it imo. I too use strong, unique passwords for every website or account that I have. And I use KeePass for storing all my login ids and passwords. To me it is simply a very minor hassle to use these tools as I have many hundreds of login ids and password pairs to store and use.
apnu
(8,758 posts)I like KeePass because I can keep the file on me. I just don't fully trust the cloud, though Last Pass works really hard to get my attention.
joshcryer
(62,276 posts)Made them super random and crazy.
jberryhill
(62,444 posts)I find the uncritical acceptance of that "fact" interesting.
There may be zillions of zombie accounts, but I seriously doubt that Yahoo has "hundreds of millions of users".
This may be devastating to the Nigerian economy.
geek tragedy
(68,868 posts)
jberryhill
(62,444 posts)still_one
(92,417 posts)finance page on the internet, they revamped it with adware, reorganized the navigation, and it is now so slow it is not usable.
Fortunately the Canadian yahoo site didn't get the "new look and feel", and it works just fine.
Canadian Site:
ca.finance.yahoo.com
I wonder if Verizon has a case against Yahoo, if Yahoo was aware of this, and didn't disclose it?
True Dough
(17,331 posts)The problem with the Canadian site is that it lacks some of the financial details on small and micro cap companies that the American site offers. That data can be found elsewhere, but it means navigating through multiple sites (not a bad idea if you're planning to make a stock market investment anyway).
Glimmer of Hope
(5,823 posts)I will try the Canadian version.
apnu
(8,758 posts)Expect any and all Internet services you use will be breached some day.
Here's a tip: Never recycle passwords. Start using a password vault and have unique and very hard passwords for all logins you have professionally and personally.
KeePassX is a good one if you like installing an app on your devices and keep your password vault locally. Lastpass is a fine cloud based one with many kinds of plugins for various browsers and devices.
Whichever is fine. Or some other password manager you find, but never recycle passwords again.
getagrip_already
(14,838 posts)Seriously, I do. Sue me.
Sunlei
(22,651 posts)
truthisfreedom
(23,155 posts)
Sunlei
(22,651 posts)The Corp. reset everything. All users who want their account/email back will have to 'verify' to make a new password, security questions and get the account back. Purge will clean out several years of server storage space, includes photos sharing site Flickr and the blogging platform Tumblr. Provide the buyer (Verizon) with updated clean account information including current phone number as part of the new security.
Why don't we have thousands of people complaints by now from an 'information dump' 2 months ago? (millions of accounts) Just my opinion.
Buckeye_Democrat
(14,858 posts)I still have a very old Yahoo account with none of my personal information. I tried to create another one years later, but I stopped when I saw the steps to verify my identity.
I get a steady stream of requests from Yahoo to update my information and to give them a cell number for verification purposes (supposedly for my benefit somehow), but I never do it. I figured there might indeed be a data breach someday.
milestogo
(16,829 posts)and a password keeper.
You just have to make sure the password doesn't have any characters you can't type in your mobile phone if you need to. Like |
https://strongpasswordgenerator.com/