Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Yahoo Discloses Second Major Hack, More Than 1 Billion Accounts Compromised

Steve121178 said:
You don't understand the maliciousness of such hacks. A lot of people use the same password for everything, so the hackers will be able to compromise everything a user uses that email address & combination for, such as social media, Amazon, eBay, PayPal etc etc etc. They can also reset account passwords with ease once they have access to your main accounts.
[doublepost=1481795358][/doublepost]

Change passwords? You should delete your Yahoo account immediately.
[doublepost=1481795582][/doublepost]

Just close it!
Click to expand...

That is my gut reaction, just be done with it and Flickr.
[doublepost=1481865328][/doublepost]
faded_glory said:
In the UK the word 'yahoo' is not an exuberant cry of joy and freedom, but a word referring to a bunch of people likely to be reckless, arrogant, untrustworthy and general unsuited to responsibility. That was the meaning that sprang to mind when I first saw the company name Yahoo, so I avoided them.
Funny how things turn out sometimes.
Click to expand...
it basically means the same here Stateside, a buffoon, well-meaning idiot...
 
Msail30bay said:
AND....... for Porn ;) stuff.
[doublepost=1481863464][/doublepost]This IS WHY I ONLY use Verizon and iCloud mail with my real info and fake names/profile for Yahoo, Hotmail and Gmail. Who are these people who uses their real names, address and credit cards to create a profile/account with Yahoo, Hotmail and Gmail :rolleyes: Good god, WHEN will people learn....... On the other hand, look at the ones that helped to elect Trump - hopeless.
Click to expand...
They might actually be using some paid services that those companies offer? Like cloud storage or something else?
 
Msail30bay said:
AND....... for Porn ;) stuff.
[doublepost=1481863464][/doublepost]This IS WHY I ONLY use Verizon and iCloud mail with my real info and fake names/profile for Yahoo, Hotmail and Gmail. Who are these people who uses their real names, address and credit cards to create a profile/account with Yahoo, Hotmail and Gmail :rolleyes: Good god, WHEN will people learn......
Click to expand...
You guys must be kids for asking such questions. For many people of my generation such accounts are 15 or more years old, from the innocent days of the Internet when we participated in mailing lists and forums with our real names (no credit cards though), which appear also in our e-mail addresses. Even today there are some mailing lists in the twilight of the web where people write by revealing their true identity. One of them is still quite pertinent for discussing problems regarding a small and specialized community of macOS users.

Times have changed though. Personally I would never give again my real name to any e-mail service, although by doing so caused no harm in my case so far. Of course, for paid services revealing your true identity is unavoidable.
 
hauntvictim said:
Ugh, yes just noticed that I can not. Nor can I merge my @me account into it.
SIGH... guess I will create a new one. Now which provider eeck.
Click to expand...
If you have a bunch of purchased stuff over the years (iTunes songs and movies and iOS Apps) connected to that Apple ID, I'm not sure how you transfer those to the new Apple ID.
 
It's like we were surprised yahoo had 500 million accounts, now 1 billion accounts? Are they just making up figures now? I still get a bit worried when I think about the data companies hold with such disregard for security that my details are almost certainly out there somewhere. Big corps need to be hit with some huge fines to shape up their acts or just plain delete the data and have it illegal for them to store it at all. I'm a bit fed up of it being ok without any consent and without seemingly any checks to ensure it's not just plain text online for anyone to delve into.
 
C DM said:
How so? With the use of longer passwords that also contain numbers and special characters, how does that make it easier for algorithms to guess (especially compared to shorter passwords that don't even use numbers or special characters)?
Click to expand...
Where did you see I say "easier"?
I was simply pointing out that the password requirement is making it hard for human to remember but easy for computer program to guess.
 
B4U said:
Where did you see I say "easier"?
I was simply pointing out that the password requirement is making it hard for human to remember but easy for computer program to guess.
Click to expand...
So what makes it easy for a computer program to guess? And is it then no different compared to not having those requirements and people being able to use simple and even short words as passwords?
 
So this went back to 2013... oh YAY!

While I am grateful my personal data does not appear to have been breached (thus far), I lost the last four years worth of writing and reference material (some of the later appears to have been removed from the internet since 2015 as well).
 
C DM said:
So what makes it easy for a computer program to guess? And is it then no different compared to not having those requirements and people being able to use simple and even short words as passwords?
Click to expand...

Having a huge database of usernames and passwords helps discover patterns beyond simple passwords.

I'll go look for an article I saw last year.
 
Crap! I wish I could remember my password so I could change it. I only set-up the account about 18 years ago... and haven't used it in 17 years... Damn this memory of mine!
 
BarracksSi said:
Having a huge database of usernames and passwords helps discover patterns beyond simple passwords.

I'll go look for an article I saw last year.
Click to expand...

Turned out to be this year, and it was a post at Ars Technica about the LinkedIn hack:
http://arstechnica.com/security/2016/06/how-linkedins-password-sloppiness-hurts-us-all/

While the RockYou breach revolutionized password cracking with "only" 32 million passwords, this second wave of LinkedIn data is nearly six times larger. And given how many times this data has changed hands over the past two weeks, it’s surely just a matter of time before the full data is made publicly available. When it is, any password cracker worth their salt (ha!) should be able to crack 80 to 90 percent of the passwords on their own.

This means hackers will soon have a drop-in replacement for RockYou that is over five times more effective: a new de facto wordlist, new patterns to analyze to generate new rules, and new statistics for probabilistic password cracking. When you take both RockYou and LinkedIn and combine them with eHarmony, Stratfor, Gawker, Gamigo, Ashley Madison, and dozens of other smaller public password breaches, hackers will simply be more prepared than ever for the next big breach.
Click to expand...
 
C DM said:
So what makes it easy for a computer program to guess? And is it then no different compared to not having those requirements and people being able to use simple and even short words as passwords?
Click to expand...
As long as it is on the keyboard, it would be easy for computer programs to guess.
At the end, we do not deny the fact that those requirements make it hard for a human to remember, correct?
And the icing on the cake is, there is password recovery function that I can set a question and stupid easy answer that would recover my account.
 
B4U said:
As long as it is on the keyboard, it would be easy for computer programs to guess.
At the end, we do not deny the fact that those requirements make it hard for a human to remember, correct?
And the icing on the cake is, there is password recovery function that I can set a question and stupid easy answer that would recover my account.
Click to expand...
If something can be typed in it's easy for a computer to guess? Is that why complex long random password strings are guessed by computers all the time (given that they would be as they would come from keyboards and it's easy for computers to guess)?
 
C DM said:
If something can be typed in it's easy for a computer to guess? Is that why complex long random password strings are guessed by computers all the time (given that they would be as they would come from keyboards and it's easy for computers to guess)?
Click to expand...
Okay...but the complexity vs the length shall be considered.
What about the human factor of remembering the complex password? It is still hard for the human to remember those password.
And as pointed out previously, that can be bypassed easily as well.
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back