Verizon Says All 3 Billion Yahoo Accounts Were Compromised in 2013 Attack

[Zwhaler]

Well, my already low opinion of Yahoo just tanked further. Sad that I migrated a bunch of web services over to that email account. Things should be okay as long as we don't hear about another data breach since this all went down.

 

[Steve121178]

Well, my already low opinion of Yahoo just tanked further. Sad that I migrated a bunch of web services over to that email account. Things should be okay as long as we don't hear about another data breach since this all went down.

Should be ok? What??

If anyone continues to use a Yahoo account for anything then they need professional help. I'd not trust a company that continually lied and attempted to cover-up the seriousness of a catastrophic breach.

You should delete your Yahoo account immediately.

 

[VulchR]

This is seriously getting out of hand. The EU fines companies that are negligent in handling customer's private information, perhaps the US should start doing the same. I don't suppose anybody in the government has wondered what a foreign government (North Korea, Russia, PRC *cough*) could do with this type of information if it were used in a cyberattack....

 

[CristianM]

What's more shocking is that Y actually had 3 billion accounts

That's not active accounts, or unique accounts, just accounts they amassed over the years, and you have to remember that at one point Yahoo was big enough to buy Google. Myself I have 4 or 5 and I never use any of them.

 

[steve62388]

How could you miss this obvious fact and default on the identity politics? Maybe its time for some self reflection and question what’s distorting your worldview.

Not really. There are biases all over the industry and all over the net, including here.

 

[VulchR]

That's not active accounts, or unique accounts, just accounts they amassed over the years, and you have to remember that at one point Yahoo was big enough to buy Google. Myself I have 4 or 5 and I never use any of them.

But those accounts include information about the user - the kinds of information other web sites use for validating identities. If misused, this information could cause chaos.

 

[SarcasticJoe]

This is what happens when you let people who don't know what they're doing be in charge of your corporate security.

Read some time ago that the position of Chief Security Officer, or CSO, is quite commonly used as a place to put managers that top management want to fast track to top management regardless of their knowledge on the subject based on the rationale that they're not going to cause much damage at that job. Another equally common and disturbing management caused security mismanagement, and reason why the Sony Pictures hack happened, is how management sometimes ends up weighing the cost of well maintained security against the cost and risk of a breach and deciding if they want to invest in proper security based on that assessment.

 

[CristianM]

But those accounts include information about the user - the kinds of information other web sites use for validating identities. If misused, this information could cause chaos.

Definitely, I was just replying to a guy who was surprised that yahoo has 3B accounts.

 

[Ethosik]

At some point very soon, I'm pretty sure that bad actors are going to know all the verifiable information about everyone, including the answers to just about all security questions.

So what are the implications? It will be interesting.

Security questions are a joke. That is why when I have questions like "What is your favorite childhood book?" I answer with b*&^BUv678. That is a great book!

 

[kpeex]

Maybe that clown from Experian can go as well.

I love the smell of burnt CEOs in the morning. it smells like... victory.

Turn off the juice, you're burning the wrong guy!
Equifax, not Experian.

 

[Packers1958]

When I set up my yahoo account, I used a bogus name, bogus address, etc. So even if someone has that info, it's meaningless info. I am Colonel Sanders.

 

[steve333]

Nothing is completely safe. What web based email service is 100% safe? Gmail? Outlook?
I have a false birthday on my account and I check my security preferences in case it looks like someone other than me is trying to access it. Yahoo also sends me a warning

 

[Larry-K]

Turn off the juice, you're burning the wrong guy!
Equifax, not Experian.

I was thinking that, but Hey, is there that much difference?

I didn't give any of these crooks permission to use my data.

 

[JamesPDX]

This is seriously getting out of hand. The EU fines companies that are negligent in handling customer's private information, perhaps the US should start doing the same. I don't suppose anybody in the government has wondered what a foreign government (North Korea, Russia, PRC *cough*) could do with this type of information if it were used in a cyberattack....

In the US, we are weak on enforcing laws that protect consumers and the middle class. Many have tried to reform the laws, but it's become almost impossible and riddled with loopholes. BTW, It's a great country to live if you're wealthy enough to re-route/engineer your actual income into an annuity (etc) and have your taxable income seem nil.

https://www.amazon.com/Perfectly-Legal-Campaign-Rich-verybody/dp/1591840694