200M Yahoo accounts go up for sale on digital black market

"If Yahoo won’t take security seriously, then it deserves to die...

• Marissa Mayer was “reactive” to security issues, instead choosing to focus on turning Yahoo into a Google competitor and a major destination for video streaming.
• Bolstering security meant potentially making Yahoo’s products slower and less intuitive, which was something the company was not willing to do.
• Even after Yahoo hired Alex Stamos, a man known for his efforts in the data security space, he and Mayer butted heads on putting significant money toward security measures. These measures that Mayer didn’t want to fund included intrusion detection. Intrusion detection, of all things.
• Against Stamos’ suggestion, Mayer decided not to employ automatic password resets for the company’s users, out of fear that the inconvenience would drive them to competitors..."

http://www.slashgear.com/if-yahoo-wont-take-security-seriously-then-it-deserves-to-die-28457915/

 

Yahoo Data Breach may have affected over 1 Billion users

http://securityaffairs.co/wordpress/51833/data-breach/yahoo-data-breach-2.html

 

http://www.usatoday.com/story/tech/...tomer-emails-nsa-report-fbi-reuters/91548012/

Is it getting any worse?

 

Yahoo Inc last year secretly built a custom software program to search all of its customers' incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT

 

"Verizon wants $1 billion discount after Yahoo privacy concerns"

https://techcrunch.com/2016/10/06/r...scount-after-yahoo-privacy-concerns/?ncid=rss

 

"Verizon Corp's general counsel, Craig Silliman, said on Thursday the company has a "reasonable basis" to believe that Yahoo Inc's massive data breach of at least 500 million email accounts represents a material impact that could allow Verizon to withdraw from its $4.83 billion deal to buy Yahoo...

... 'I think we have a reasonable basis to believe right now that the impact is material and we're looking to Yahoo to demonstrate to us the full impact. If they believe that it's not then they'll need to show us that,' he said, declining to comment on whether talks are under way to renegotiate the purchase price."

http://www.zerohedge.com/news/2016-10-13/yahoo-stocks-slides-after-verizon-counsel-questions-deal

 

http://www.wsj.com/articles/yahoo-core-revenue-drops-again-1476822440

People logging into accounts they may not normally check often to update passwords and security info in light of the exposed breach and because the 'number of page views' rose that's good...pfft.?! Time to replace whoever thought the increase in page views was a good sign. More likely just people trying to retain control of the accounts and perhaps checking a few emails afterward.... Is it just me thinking this?

 

Yahoo asks DNI to de-classify email scanning order

https://threatpost.com/yahoo-asks-dni-to-de-classify-email-scanning-order

 

"Yahoo Admits Some Employees Knew About Its Massive Data Breach for Years...

...Now, Yahoo admits that at least some of its employees knew about the hack two years ago, giving Verizon more ammunition to claim a material breach of contract. 'The company had identified that a state-sponsored actor had access to the company’s network in late 2014, 'Yahoo said in an S.E.C. filing this week..."

http://www.vanityfair.com/news/2016...-knew-about-its-massive-data-breach-for-years

 

"Yahoo hacked again? Probe launched on data breach claims...

Yahoo has announced that it is investigating a new claim made by US law enforcement authorities over a new potential breach of its user account data.

The authorities are said to have received the information from a hacker who claimed that it was related to Yahoo.

The company said in a regulatory filing that it is taking the help of forensic experts to analyse and investigate the hacker’s claim that the data is Yahoo user account data..."

http://www.cbronline.com/news/cybersecurity/breaches/yahoo-hacked-probe-launched-data-breach-claims/

 

"Yahoo said Wednesday that 1 billion user accounts -- meaning most of the Internet giant's customers worldwide -- were hacked by a "state-sponsored" attacker in 2013, leading to the release of user names, telephone numbers, dates of birth and other personal information.

Report of the hack, coming after the announcement of a separate hack affecting 500 million accounts in September,..."

https://www.washingtonpost.com/business/economy/yahoo-says-1-billion-user-accounts-hacked/2016/12/14/a301a7d8-b986-4281-9b13-1561231417c0_story.html?tid=a_breakingnews&hpid=hp_no-name_no-nameage/breaking-news-bar

NB: The "state sponsored" hacking is not verified. The Post does not give it's source and the Yahoo statement explicitly states that "...The company has not been able to identify the intrusion associated with this theft...."

https://investor.yahoo.net/releasedetail.cfm?ReleaseID=1004285

However, the front page link to the WP story is titled:

"Yahoo blames ‘state-sponsored’ attacker for hack of 1 billion user accounts in 2013."

https://www.washingtonpost.com/regional/

 

The Post has retracted the copy in it's story referencing "state sponsored."

Perhaps The Post will also eventually change it's front page headline to conform to the known facts.

What's with that laughing emoji in the link to the Post's story

 

LOL-The Yahoo story with it's incorrect headline has been totally removed from The Post's front page.

hawki wonders whether his post in the comments section had anything to do with this.

Perhaps we now have an explanation for the laughing emoji in the link to the story - it was a joke, not irresponsible "journalism."

 

"US senator calls for probe of Yahoo security following hack

A senior Democratic senator has said he would launch an investigation into Yahoo's security practices after a second massive data breach was reported on Thursday affecting over 1 billion user accounts....

Warner, who is set to become the leading Democrat on the Senate Intelligence Committee in 2017, said he had also made repeated attempts to contact Yahoo for a briefing covering the first reported hack in 2014, which affected 500 million accounts, but failed to get a reply....

Paul German, CEO at encryption firm Certes, told IT Pro in a written statement that with Yahoo suffering two of the largest hacks in history, its attitude to cyber security is seriously into question.

'Yahoo is relying on an outdated cybersecurity model which takes a, ‘protect’, ‘detect’, ‘react’ approach which simply does not work. The problem lies in the fact that once inside a network, there is a significant delay before a hacker is detected, leaving them free to move uninhibited, accessing vast quantities of sensitive data and wreaking havoc,'he said..."

http://www.itpro.co.uk/security/27288/us-senator-calls-for-probe-of-yahoo-security-following-hack

"Yahoo breach means hackers had 3 years to abuse user accounts"

http://www.computerworld.com/articl...ckers-had-3-years-to-abuse-user-accounts.html

"Security experts: 'No one should have faith in Yahoo at this point'

Yahoo ‘did not take security seriously enough’, failing to prevent a hack which exposed the data of 1 billion users"

https://www.theguardian.com/technology/2016/dec/15/security-experts-yahoo-hack

 

"FBI Is Investigating the Latest Yahoo Hack"

http://fortune.com/2016/12/15/fbi-yahoo-hack/

 

I am wondering how many Yahoo email clients have canceled their account(s) ? Yahoo Mail gives you the most free storage of any email provider ... 1TB of free space and that is a lot to find elsewhere for 'free'. That might keep a lot of clients on board. I expect most clients will have just changed their password but their 'data' is out there and probably sold already. Just changing the password, or even going to 2A right now is like closing the barn door after the horse has bolted. Identity theft is in their future.

Verizon is counting on the 1Bn users still being there after this is fully investigated. Yahoo has not stated how many users they have lost.

 

No surprise whatsoever.

Anyone remember back when Yahoo Messenger was all the rave? Freely available apps were put together and found everyplace where you could "BOOT" people right off of that and more (make their PC reboot etc.). Kind of a generic type of RAT if you will.

Yahoo over the years never has really taken security all that serious to seal up the holes and is why I never trusted them after seeing how lax they were.

This proves it again. I do like my Flickr or at least used to.

 

I just checked my two accounts, and one is compromised and the other is not: