Security News Yahoo preparing to confirm massive data breach, affecting 200 million accounts

nclr11111

Level 6
Verified
Well-known
Feb 25, 2011
277
200 million accounts??
I'm in deep water here so correct me if I'm wrong, but if Yahoo employed salted password hashing on account credentials it would take a long, long time to crack 200 million passwords!? At least all that are +8 digits.
Whether you use brute force, dictionary or rainbow tables as the attack, 200 million passwords is a lot to take on. And if you can't crack them there's not much to sell, is there?

Ofc it's not good for Yahoo but if they at least made sure to secure the account credentials as best they could the damage isn't as bad as if they stored the credentials in plain text, which I hope is NOT the case.....
 

soccer97

Level 11
Verified
May 22, 2014
517
Yeah, Yahoo does have a less than great record.

Anyone ever get malicious emails from people you know but they may not use yahoo mail anymore or it's been a while since you heard from them? They are blank messages or have a spammy subject and contain a link (that of course, when you run through VirusTotal or another scanner is malicious). Seems like a few have been compromised for a while.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
I'm not surprised by Yahoo's mediocre security enhancement.

This also reflects on Google Mail and even Hotmail for using standard security protocols, which can cause a data breach anytime.

No matter if the passwords are salted, which can take many years to crack; however, steal is steal. Your information is already at risk and it cannot be reversed; just change your password.
 

Terry Ganzi

Level 26
Verified
Top Poster
Well-known
Feb 7, 2014
1,540
Yahoo says spies stole data compromising 500 million accounts

Yes, spies. Today Yahoo released an unassuming bulletin entitled “An Important Message About Yahoo User Security.” In it, they revealed that a massive data breach had taken place in 2014, a hack that contained compromising information on half a billion of Yahoo’s users. Yahoo says that the culprit behind this crime is a “state-sponsored actor.”

We have confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.

As Forbes points out, bcrypt is a very strong encryption method, so these passwords could still be safe. However, if this is a ‘state-sponsored’ act, it might not be unreasonable to assume that the powers that now have possession of this data might have more robust decryption technology than your regular basement hacker. Takeaway here: you probably want to change your Yahoo password. And if you’re in the 59% of the population that reuses the same passwords on multiple services, then you should change all of those passwords too.


It is reported that no bank account information was compromised in this breach.

Source http://www.androidauthority.com/yahoo-largest-account-breach-ever-717968/
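
The salted-hashing point raised in the first post and the bcrypt detail in the quoted bulletin, as an added example that is not part of any post in this thread: it compares an unsalted fast hash with a per-account salted, slow hash. PBKDF2 from the Python standard library stands in for bcrypt here (an assumption made so the code runs without extra packages); the account names, passwords and iteration count are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

ITERATIONS = 100_000  # constructed work factor; each guess costs this many HMAC rounds

def unsalted_hash(password: str) -> str:
    """Weak scheme: one fast hash, no salt. Equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Per-account random salt plus a deliberately slow key-derivation function."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, digest)

def distinct_hashes(accounts: Dict[str, str]) -> Tuple[int, int]:
    """Count distinct stored values under each scheme.

    Fewer distinct values than accounts means one recovered hash exposes
    every account sharing that password, and a precomputed table applies.
    """
    unsalted = {unsalted_hash(pw) for pw in accounts.values()}
    salted = {salted_hash(pw) for pw in accounts.values()}
    return len(unsalted), len(salted)

# Constructed sample data: three of four accounts reuse the same password.
ACCOUNTS = {
    "alice": "sunshine1",
    "bob": "sunshine1",
    "carol": "sunshine1",
    "dave": "c0rrect-horse-battery",
}

if __name__ == "__main__":
    plain, salted = distinct_hashes(ACCOUNTS)
    print(f"unsalted: {plain} distinct hashes for {len(ACCOUNTS)} accounts")
    print(f"salted:   {salted} distinct hashes for {len(ACCOUNTS)} accounts")
```

With a salt, every stored value is unique, so guessing has to be repeated per account at the full work factor; a weak or reused password is still recoverable, which is why the advice in the thread to change it stands.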
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
I just recovered one of my Yahoo accounts (I have 2), as I kept receiving the "sign-in prevented" email from the recovery account. It had been abandoned since 2011. After retrieving the account, it was an interesting insight.

Saw 14 sent mails, all are spam emails. :rolleyes:

Interesting sight. LOL
 
