Posted on 11/01/2016 4:24:49 PM PDT by Freedom of Speech Wins
TECH YAHOO HACK
Yahoo Has Been Hacked: What You Need to Know
by Jeff John Roberts @jeffjohnroberts SEPTEMBER 22, 2016, 5:57 PM EDT
Photograph by Getty Images
It’s time to change your password. It’s a cyber catastrophe. Yahoo on Thursday confirmed a massive security breach that saw hackers steal personal information for over 500 million accounts. Yahoo YHOO -0.53% says a foreign government is to blame.
The incident is a big deal, since so many have a Yahoo account of some type or other — for email or finance or fantasy sports and so on. The fallout will have major implications for consumers and Yahoo’s still on-going merger with Verizon. Here’s a plain English Q&A about what we currently know.
What did the hackers steal?
They obtained consumers’ names, email addresses, phone numbers, birthdates and “hashed passwords” (more on that below). In some cases they also stole security questions and answers that would let the hackers access the account.
Get Data Sheet, Fortune’s technology newsletter.
Who are the hackers?
Yahoo would only describe them as a “state-sponsored actor.” In other words, a foreign country used its military or intelligence services to break into Yahoo’s systems. The most likely culprits, in order, are: China; Russia; North Korea.
So did the hackers get into everyone’s account?
Not necessarily. The good news is Yahoo used a type of cryptography called “hashing” to protect the passwords. This means that the hackers would, in some cases, have to use powerful computers to crack the passwords one at a time.
The bad news is that many people still use common passwords, and hackers typically use computer programs to test those first (too bad for those of you who still use “12345” or “password” or “Iloveyou”). Also, since Yahoo says some users’ security questions are compromised, the hackers will have an easy way into those accounts too.
What can I do to protect my account?
If you haven’t changed your password since late 2014, which is when the breach occurred, you should do so immediately. Yahoo also says it will be contacting affected users and asking them to supply “alternate means of account verification.” (This probably means you’ll be asked to replace those security questions with some sort of two-factor authentication.)
Also, keep an eye on any other accounts for which you may have used the same password. A common tactic is for hackers to take usernames and passwords they steal from one site, and then try to log in with them elsewhere.
Yahoo Is Expected to Come Clean About a Massive Data Breach
Why did Yahoo take so long to warn everyone?
Good question. It’s currently unclear when Yahoo learned about the attack. A news story in early August described how a hacker was trying to sell Yahoo accounts on the Internet, though this doesn’t mean the earlier episode is connected to the mega-breach announced on Thursday.
All Yahoo has said so far is that a “recent investigation… has confirmed the breach.”
What does this mean for Yahoo?
It’s not good. For one, its failure to tell Verizon VZ -0.91% (which is in the process of buying the company) could jeopardize the merger. And it won’t be long before a gaggle of class action lawyers start suing Yahoo over the breach. Federal and state regulators will likely launch investigations, and possibly demand fines or penalties from the company.
I’m guessing Kim Jong Un has read every classified email of Hillary’s.
And they’re still blaming the Russians.
Oh my, so all the classified documents I copied at my work at the State Department, and put on yahoo for convenience could potential be at risk??? Who knew this could be a problem??
Don’t worry, Yuma forwarded all her secret stuff to her Yahoo email address because it was easier to print.
Wink, wink
That 500 million hack happened in 2014.
Nearly every significant company/corporation/organization experiences hacking attempts.
Wikipedia has a list of many of the major data breaches since around 2000:
https://en.wikipedia.org/wiki/List_of_data_breaches
First or second time?
Huma, Yuma. Same damn thing
http://www.nbcnews.com/tech/security/hundreds-millions-email-accounts-hacked-traded-online-says-expert-n568491
Bookmark
What you say?
huge=yuge too
I feel sorry for the poor bastard who reads my 10,000 plus undeleted emails on yahoo.
The hack took place TWO years ago, and it’s just now being made known, but Yahoo has known all this time.
I suspect this is the source of the info published by wikileaks. I also suspect Abedin was using yahoo as a dead drop.
Why not just get another email account and dump Yahoo?
I get spam emails from friends that have Yahoo accounts all the time. Usually include a suspicious link to someplace I’ve never heard of. I respond they’ve been hacked and should change their password.
Folks that have a Yahoo account should seriously consider moving.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.