Yahoo discloses ‘largest hack of all time,’ says hackers stole data from over one billion users

“Yahoo on Wednesday disclosed a second data breach — and it’s a biggie,” James Covert reports for The New York Post.

“The struggling Web pioneer said a hack in August 2013 had compromised more than 1 billion user accounts — twice the size of an already-huge hack it revealed in September,” Covert reports. “The newly discovered breach — which looks like the largest hack of all time, according to security experts — may have spilled an unprecedented trove of stolen e-mail addresses, telephone numbers, passwords and even security questions and answers, Yahoo said late Wednesday.”

“Yahoo said it is forcing all affected users to change their passwords and is invalidating unencrypted security questions — tough measures that it failed to take after it discovered the 500 million user-account hack earlier this fall,” Covert reports. “The news sent Yahoo’s stock sliding 2.5 percent, to $39.90, in extended trading.”

Read more in the full article here.

MacDailyNews Take: What a mess. At this rate, damaged-goods Yahoo will be paying Verizon to “buy” them.

SEE ALSO:
Yahoo secretly scanned all customer emails for FBI, NSA, sources say – October 4, 2016
Yahoo confirms data breach of at least 500 million user accounts – September 22, 2016
Verizon to acquire beleaguered Yahoo for $4.8 billion – July 25, 2016

[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]

22 Comments

    1. Me, too. Dumb questions that oft times I don’t have answers to let alone be able to remember.

      My website implements security questions that the user can make up. It gets frustrating when a user says they cannot remember the answer to their own question.

      Just can’t win.

      1. Make up answers that have nothing to do with the question. That way, old friends, enemies and family can’t guess them.
        Second, buy a password manager like Lastpass or 1Password. It’s the only way to keep hundreds of passwords.

    2. You don’t have to answer them. You just need to enter text. Make up a rule for yourself: “My answer to security questions is the last five words of the question plus the word Bildo.” Or whatever.

  1. Gotta love that Cloud.

    Remind me again between the Russians, the Chinese, the Israelis, Spammers, Scammers, the NSA, GCHQ and Apple’s shiteous security why I am supposed to put all my stuff in the cloud instead of on a physical device?

    After nude pix of celebrities on iCloud end up online and the endless breaches of service after service, why would anyone think their stuff is safe?

    1. Yeah, especially those nude pictures of celebrities that are using blackberries and Android phones … explain to me, please, how those showed up on ‘icloud’?

      The vast majority of iCloud accounts are safe, safer than most other alternatives — except if you make your password such gems as ‘password’ or ‘12345’ (which were the only ones being compromised).

      1. Anything on a remote server is “in the cloud”.

        As to not knowing what I am talking about, in Radiology we have been securely pushing images over networks since before ARPANET. So no, someone who used to push sensitive medical information over networks by command line would know NOTHING about data security. Or computers or the associated security risks.

        FYI anything that can be secured by software can be hacked, the only limitation being the complexity required. Just as any door can be subject to forced entry, any server can as well- some are just harder than others. The best case scenario is to make hacking more difficult than it is worth.

        If you think your iOS device or Mac’s data is secure and you use iCloud, I assure you that it is hackable and can be seen by the NSA and any number of other state, corporate or criminal actors should they want to. Back up and sync your stuff over iCloud and they do not need your physical device. Hackers can also plant stuff in your iCloud Drive that will then sync to your devices which could then be used to destroy your credibility or implicate you in some activity.

        Physical storage is much more secure than anything over the internet.

        You can go back to your X Box now.

        1. Thanks for confirming that your argument is mostly hubris and based on “may” “might” “could” and other ‘safe words’.

          > Back up and sync your stuff over iCloud and they do not
          > need your physical device.

          Short of using a dummy password, care to explain how they’d do that?

          > Hackers can also plant stuff in your iCloud Drive that will then sync
          > to your devices which could then be used to destroy your credibility
          > or implicate you in some activity.

          Short of using a dummy password, care to explain how they’d do that?

        2. Not sure if it’s funny, or sad, that you consider Snowden some sort of authority, or even credible source, on this subject.

          Just as a hint, though: you’re not doing your claims to be knowledgeable about this any favours by listing those sorts of sources – especially claiming there’s something to ‘learn’ from Snowden.

  2. I have no clue why email has become such a cluster#### all over the place. From greylisting, blacklisting, hacking and now spam. Is it really that difficult to trace back to the source when everything has a digital signature? I think I get these “Get a job $2,500 – $3,000” emails every day lately.. like 10-20 a day. There is a part of me that feels that if other countries are unwilling to control their conduct on the net, then we should block the whole country from our country. Then there’s another part of me that realizes that sucks and we need to be able to communicate globally. Such a frustrating thing.
