Yahoo discloses ‘largest hack of all time,’ says hackers stole data from over one billion users

“Yahoo on Wednesday disclosed a second data breach — and it’s a biggie,” James Covert reports for The New York Post.

“The struggling Web pioneer said a hack in August 2013 had compromised more than 1 billion user accounts — twice the size of an already-huge hack it revealed in September,” Covert reports. “The newly discovered breach — which looks like the largest hack of all time, according to security experts — may have spilled an unprecedented trove of stolen e-mail addresses, telephone numbers, passwords and even security questions and answers, Yahoo said late Wednesday.”

“Yahoo said it is forcing all affected users to change their passwords and is invalidating unencrypted security questions — tough measures that it failed to take after it discovered the 500 million user-account hack earlier this fall,” Covert reports. “The news sent Yahoo’s stock sliding 2.5 percent, to $39.90, in extended trading.”

Read more in the full article here.

MacDailyNews Take: What a mess. At this rate, damaged-goods Yahoo will be paying Verizon to “buy” them.

SEE ALSO:
Yahoo secretly scanned all customer emails for FBI, NSA, sources say – October 4, 2016
Yahoo confirms data breach of at least 500 million user accounts – September 22, 2016
Verizon to acquire beleaguered Yahoo for $4.8 billion – July 25, 2016

[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]

22 Comments

    1. Me, too. Dumb questions that oft times I don’t have answers to let alone be able to remember.

      My website implements security questions that the user can make up. It gets frustrating when a user says they cannot remember the answer to their own question.

      Just can’t win.

      1. Make up answers that have nothing to do with the question. That way, old friends, enemies and family can’t guess them.
        Second, buy a password manager like Lastpass or 1Password. It’s the only way to keep hundreds of passwords.

    2. You don’t have to answer them. You just need to enter text. Make up a rule for yourself: “My answer to security questions is the last five words of the question plus the word Bildo.” Or whatever.

  1. Gotta love that Cloud.

    Remind me again between the Russians, the Chinese, the Israelis, Spammers, Scammers, the NSA, GCHQ and Apple’s shiteous security why I am supposed to put all my stuff in the cloud instead of on a physical device?

    After nude pix of celebrities on iCloud end up online and the endless breaches of service after service, why would anyone think their stuff is safe.

    1. Yeah, especially those nude pictures of celebrities that are using blackberries and Qndroid phones … explain to me, please, how those showed up on ‘icloud’?

      The vast majority of iCloud accounts are safe, safer than most other alternatives — except if you make your password such gems as ‘password’ or ‘12345’ (which were the only ones being compromised).

      1. Anything on a remote server is “in the cloud”.

        As to not knowing what I am talking about, in Radiology we have been securely pushing images over networks since before ARPANET. So no, someone who used to push sensitive medical information over networks by command line would know NOTHING about data security. Oc computers or the associated security risks.

        FYI anything that can be secured by software can be hacked, the only limitation being the complexity required. Just as any door can be subject to forced entry, any server can as well- some are just harder than others. The best case scenario is to make hacking more difficult than it is worth.

        If you think your iOS device or Mac’s data is secure and you use iCloud, I assure you that it is hackable and can be seen by the NSA and any number of other state, corporate or criminal actors should they what to. Back up and sync your stuff over iCloud and they do not need your physical device. Hackers can also plant stuff in your iCloud Drive that will then sync to your devices which could then be used to destroy your credibility or implicate you in some activity.

        Physical storage is much more secure than anything over the internet.

        You can go back to your X Box now.

        1. Thanks for confirming that your argument is mostly hubris and based “may” “might” “could” and other ‘safe words’.

          > Back up and sync your stuff over iCloud and they do not
          > need your physical device.

          Short of using a dummy password, care to explain how they’d do that?

          > Hackers can also plant stuff in your iCloud Drive that will then sync
          > to your devices which could then be used to destroy your credibility
          > or implicate you in some activity.

          Short of using a dummy password, care to explain how they’d do that?

            1. Not sure if it’s funny, or sad, that you consider Snowden some sort of authority, or even credible source, on this subject.

              Just as a hint, though : you’re not doing your claims to be knowledgeable about this any favours by listing those sort of sources – especially claiming there’s something to ‘learn’ from Snowden.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.