Security News Yahoo preparing to confirm massive data breach, affecting 200 million accounts

[nclr11111]

200million accounts??
I´m in deep water here so correct me if i´m wrong, but if Yahoo employed salted password hashing on account credentials there would take a long, long time to crack 200 million passwords!? At least all that are +8digits.
Wheather you use brute force, dictionary or rainbow tables as attack, 200 million passwords is a lot to take on. And if you can´t crack them there´s not much to sell, is there?

Ofc it´s not good for Yahoo but if they at least made sure to secure the account credentials as best they could the damage isn´t as bad as if they stored the credentials in plain text, which i hope is NOT the case.....

 

[exCode]

I use one free account only for mail part (since 2005) without real info (for example, to receive fresh malware samples )

Makes sense.

 

[soccer97]

Yeah, Yahoo does have a less than great record.

Anyone ever get malicious emails from people you know but they may not use yahoo mail anymore or it's been a while since you heard from them? They are blank messages or have a spammy subject and contain a link (that of course, when you run through VirusTotal or another scanner is malicious). Seems like a few have been compromised for a while.

 

[jamescv7]

I'm not surprise for Yahoo's mediocre security enhancement.

This also reflect to Google Mail and even Hotmail for using standard security protocol which can cause data breach anytime.

No matter if the passwords are salted which can take many years to crack however, steal is steal. Your information already is at risk and it cannot be reversible; just change your password.

 

[Terry Ganzi]

Yahoo says spies stole data compromising 500 million accounts

Yes, spies. Today Yahoo released an unassuming bulletin entitled “An Important Message About Yahoo User Security.” In it, they revealed that a massive data breach had taken place in 2014, a hack that contained compromising information on half a billion of Yahoo’s users. Yahoo says that the culprit behind this crime is a “state-sponsored actor.”

We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

As Forbes points out, bcrypt is a very strong encryption method, so these passwords could still be safe. However, if this is a ‘state-sponsored’ act, it might not be unreasonable to assume that the powers that now have possession of this data might have more robust decryption technology than your regular basement hacker. Takeaway here: you probably want to change your Yahoo password. And if you’re in the 59% of the population that resuses the same passwords on multiple services, then you should change all of those passwords too.


It is reported that no bank account information was compromised in this breach.

Source http://www.androidauthority.com/yahoo-largest-account-breach-ever-717968/

 

[Exterminator]

http://news.softpedia.com/news/yaho...fter-announcing-huge-data-breach-508605.shtml

 

[CMLew]

I just recovered one of my Yahoo account (I have 2), as I kept received the "sign-in prevented" email from recovery account. It was abandon since 2011. After retrieving the account, it was interesting insight.

Saw 14 sent mail, all are spam email sent. .

Interesting sight. LOL

 

[Exterminator]

http://news.softpedia.com/news/us-s...affects-companies-not-just-users-508708.shtml

 

[hnbp16]

I changed my password as well, just in case.