Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Yahoo Discloses Second Major Hack, More Than 1 Billion Accounts Compromised

I'm not going to bash Yahoo! as a whole since they are the ones that built the foundation for the sites we have today. Essentially, we wouldn't be here today if the old school didn't pave the way. But, I will point my finger at Marissa Mayer because her failure to disclose this information is simply criminal. She once said; "Good students are good at all things." But even with her shiny Ivy degree, she's a massive failure.
 
  • Like
Reactions: NewtonAurelius and thasan
I signed in just to ask a straight forward question I'm surprised nobody seems to have caught. And it may be the reason Yahoo! ever had such a high number of members. I recall email issues when BellSouth was bought-out by AT&T. And in a tech-support call I inquired and was told that Yahoo! handles (under contract) all AT&T email. Is that true? If so you've got the largest 'wireless' carrier in America with almost all customers having an AT&T email account. Now I do NOT know if this is correct; but if so it's AT&T that should be sending out a Press Release about this, not just Yahoo! And that has far wider implications than Yahoo! alone. Could someone clarify whether this is that case. I'm a market analyst and asking the question in my nightly analysis as well. Thank you in advance.
 
And to think that people I know in person who used Yahoo! Mail and snickered at me for subscribing to MobileMe...

I know that many are hesitant about the uptime or reliability of MobileMe/iCloud, but at least we can have a little more faith that Apple will come clean about any hack on their system in a timely manner. 2013... sheesh!
 
  • Like
Reactions: NewtonAurelius and timeconsumer
My speculation is that Marissa knew about both incidents at the time it happened.
However, she chose to keep it a secret.

She had to disclose the previous time in order to get a clean buyout without criminal charges
Now that the buyers are putting another ton of pressure on the deal: If they discover any undisclosed incidents, it will be a lot more than just criminal charges. This forces her hand to disclose a further back incident.

It's safe to say this is the end of Marissa's career as an executive. The best she can make in the future is at start-ups... not at high value corporations.
 
  • Like
Reactions: NewtonAurelius
Just got the email - one of my accounts was "compromised." Glad I change passwords regularly, and don't put anything sensitive on it.
 
If this happened before the one they just had you reset all of your account info for, why would you bother to do it again?
 
MacRumors said:



Yahoo today announced that it believes more than one billion Yahoo user accounts were compromised in a hack by an unauthorized third party in August of 2013.

Information stolen from affected accounts includes names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. Clear text passwords, bank account information, and credit/debit card information were not believed to be accessed in the attack.

yahoo-800x302.jpg

According to Yahoo, the hack was discovered after law enforcement officials provided the company with what appeared to be Yahoo user data from an unknown source. Yahoo says it has not been able to identify the specific intrusion, but it is "likely" distinct from a late 2014 hack that compromised more than 500 million Yahoo user accounts.

Earlier this year, Yahoo confirmed that "at least" 500 million user accounts were accessed in September of 2014, and this marks a second attack during the same general timeframe.

Yahoo is notifying users who may have been affected by the attack, and says it has "taken steps" to secure their accounts by implementing mandatory password changes. Unencrypted security questions and answers have also been invalidated.

Along with the 2013 hack compromising 1 billion user accounts, Yahoo has also announced that an ongoing outside investigation suggests an unauthorized third party accessed proprietary code to forge cookies, a technique that may have been used by the hackers responsible for the September 2014 attack. Those account holders are also being notified.Yahoo suggests users "review all of their online accounts" to check for suspicious activity and change any passwords that might have been used for a Yahoo account and another online account. Yahoo also recommends implementing two-factor authentication and avoiding links from suspicious emails.

Article Link: Yahoo Discloses Second Major Hack, More Than 1 Billion Accounts Compromised
Click to expand...
What's even worse than the hack itself is Yahoo's apparent inability to NOTICE when they're being hacked. 3 years hackers had time to exploit 1 billion users accounts. Affected users will probably join in a class-action against Yahoo for damages. That should be the end of it.
Marissa will parachute out and some company will pick up the pieces for pennies on the $.
[doublepost=1481773498][/doublepost]
MACashin said:
Yawho?
Click to expand...
http://www.urbandictionary.com/define.php?term=yahoo

Always thought that name was inappropriate. I briefly had a myname@yahoo.com email account back in the 90s.
Then I didn't want to be called a "Yahoo" and created my own domain name. Haven't used Yahoo for anything in nigh on 20 years.
 
And now, they force you to change your password.
The rules for those passwords are nothing but annoying to any user but easy for any computer to guess...
 
Oblivious.Robot said:
God damn it. I knew I should've switched long time ago. :mad:
As someone with at least 3 active yahoo accounts, am a complete idiot.

Can someone please recommend a better alternative?
Am opening Gmail accounts as we speak!
Click to expand...

Gmail with two factor authentication.

I am not sure it's a password hack though. Maybe someone can provide more information but it seems this hack is direct to their infrastructure rather than hacking individual accounts. Changing passwords might not matter.
[doublepost=1481774264][/doublepost]
Porco said:
And people scoff at Apple for including a facepalm emoji.
Click to expand...

Is there a scoffing emoji?
 
  • Like
Reactions: Oblivious.Robot
Oblivious.Robot said:
God damn it. I knew I should've switched long time ago. :mad:
As someone with at least 3 active yahoo accounts, am a complete idiot.

Can someone please recommend a better alternative?
Am opening Gmail accounts as we speak!
Click to expand...
There's quite a few out there. Gmail is great as they have an app for both Android and iOS. If I was looking for a new email address I would go with Gmail or iCloud. The problem that I am running into currently is that I mostly use iCloud (been using it since it was .Mac), and I recently switched to Android so I'm having to try out different e-mail apps on Android to sync with iCloud, had I went with Gmail from the start, I wouldn't have this issue as I could just use the gmail app. So that may be something to keep in mind.

Also, if you're more privacy conscious you can look into ProtonMail, they offer a nice app on both Android and iOS.

mariusignorello said:
For those of you looking to switch, I use iCloud for personal and Zoho for business. Zoho is free even with your own domain.
Click to expand...
Thanks for this post, I was looking at registering my own domain but was curious if any e-mail providers allowed for free hosting with your own domain. Do you by any chance have any recommendations for where to register a domain?
 
  • Like
Reactions: Oblivious.Robot
Users should be told of every piece of their information that has been stolen, to the best of Yahoo!'s knowledge. There should be a jail term for sitting in this for three years.
 
  • Like
Reactions: NewtonAurelius and rbrian
HACKERS HAVE ALL YOUR INFORMATION ALREADY. THEY HAVE HAD IT FOR YEARS. YOU ARE NOT SAFE AND YOU NEVER WERE. IF IT AIN'T YAHOO IT's target or Google.

But on a side note... What was Marissa Meyer doing all this time? No Really. I want to know that!
 
B4U said:
And now, they force you to change your password.
The rules for those passwords are nothing but annoying to any user but easy for any computer to guess...
Click to expand...
Easy for any computer to guess?
 
timeconsumer said:
There's quite a few out there. Gmail is great as they have an app for both Android and iOS. If I was looking for a new email address I would go with Gmail or iCloud. The problem that I am running into currently is that I mostly use iCloud (been using it since it was .Mac), and I recently switched to Android so I'm having to try out different e-mail apps on Android to sync with iCloud, had I went with Gmail from the start, I wouldn't have this issue as I could just use the gmail app. So that may be something to keep in mind.

Also, if you're more privacy conscious you can look into ProtonMail, they offer a nice app on both Android and iOS.


Thanks for this post, I was looking at registering my own domain but was curious if any e-mail providers allowed for free hosting with your own domain. Do you by any chance have any recommendations for where to register a domain?
Click to expand...
Google Domains. Starting at $12/year with private registration. Admin system is simple to use.
 
  • Like
Reactions: timeconsumer
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back