200M Yahoo accounts go up for sale on digital black market

Discussion in 'other security issues & news' started by ronjor, Aug 2, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    "Yahoo Confirms Half A Billion User Accounts Hacked, Blames "State-Sponsored Actor...

    '... The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers....

    the investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network....'

    So much for using secure 9-character or more long passwords including capital letters, special characters and numbers. What is more ironic is that Verizon is paying $4.8 billion for the only asset that Yahoo has, or rather had, its user information, which is now publicly available for $1800 on the dark web."

    http://www.zerohedge.com/news/2016-...ts-hacked-blames-state-sponsored-actor-breach
     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    Last edited: Sep 22, 2016
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
  7. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I keep getting advised to update my login information when I go to log into my Yahoo! Mail account. I just keep ignoring that, and so far, I can access my mail, without any problem.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    2,872
    Location:
    Australia
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Also, this pertains to the original time the breach occurred, i.e. back in 2014. I am sure I changed my password, at the time.
     
  11. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    Last edited: Sep 23, 2016
  12. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    It's scary how much someone can learn about you, not just from your Yahoo account details, but also just from seeing who/what has been sending you emails (even without reading the contents).

    I have had a Yahoo account for years. I have not used it for years. I had over 9,000 incoming emails. I did not realize how much one could learn about a person just from their metadata. Mine gives a frighteningly complete picture of my background, education - what schools you attended, interests, friends, religious affiliations, forums, family, what you buy, fraternity membership, where you have lived, etc. etc. I also had my main email address listed as a backup for retrieving passwords. Doh
     
  13. plat1098

    plat1098 Registered Member

    Joined:
    Jan 18, 2016
    Posts:
    269
    Location:
    Da mean streets of Brooklyn
    Exactly one year ago, I couldn't log into my Yahoo email and couldn't reset my password. Finally, it sunk in that a dirty deed had taken place, so contacted a live Yahoo rep who denied anything about a "hack" and gave me some stuff on creating a new password/email account. It didn't work because all my credentials had already been stolen. Since the hack news wasn't made official at the time, any site I tried to explain this to wouldn't hear me. Also got a Java exploit (blocked by AVG at the time) on one of their news-related pages. Adios, good luck with the Verizon thing, you're going to need it.
     
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    That might just explain why, after so many years of lying dormant, I recently have seen a return of MySpace emails in my Gmail lately.

    And as far as Yahoo Mail goes, I hope they have fun sifting through the tons of SPAM which I've allowed to pile up from years of no activity. :D

    The only Yahoo Account I still make use of is FLICKR and forwarding non-personal pics of nature scenery or whatever is decided to throw on the Camera Roll from my secured android.
     
  15. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
  16. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    OMG!

    Yahoo's TOS does not require binding arbitration or require individual actions! That is so extremely rare for a large corporation today. This is particularly curious in view of the fact that The US Supreme Court Landmark Decision generally upholding binding arbitration and waiver of class actions was a case reversing a California Supreme Court case that refused to acknowledge the validity of such clauses and waivers.

    "28. GENERAL INFORMATION

    ...'Choice of Law and Forum. You and Yahoo each agree that the TOS and the relationship between the parties shall be governed by the laws of the State of California without regard to its conflict of law provisions and that any and all claims, causes of action or disputes (regardless of theory) arising out of or relating to the TOS, or the relationship between you and Yahoo, shall be brought exclusively in the courts located in the county of Santa Clara, California or the U.S. District Court for the Northern District of California. You and Yahoo agree to submit to the personal jurisdiction of the courts located within the county of Santa Clara, California or the Northern District of California, and agree to waive any and all objections to the exercise of jurisdiction over the parties by such courts and to venue in such courts."

    The TOS does however include the following:

    "20. LIMITATION OF LIABILITY

    YOU EXPRESSLY UNDERSTAND AND AGREE THAT YAHOO AND ITS SUBSIDIARIES, AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, PARTNERS AND LICENSORS SHALL NOT BE LIABLE TO YOU FOR ANY ... DAMAGES, INCLUDING, BUT NOT LIMITED TO, DAMAGES ... RESULTING FROM: ... (c) UNAUTHORIZED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; ..."

    However, while The US Supreme Court has generally ruled that limitations to binding arbitration and no class action clauses are valid with a few limited exceptions, limitation of liability clauses are far less iron-clad.

    https://policies.yahoo.com/us/en/yahoo/terms/utos/index.htm
     
    Last edited: Sep 23, 2016
  17. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,092
    Location:
    Hollow Earth - Telos
    I was told by Yahoo Email today that I should change my password.
     
  18. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    I have not received anything yet. However, I did try that Have I Been Pwned site in reply #11 and discovered that my Malwarebytes Forum information, including my main email address, among other things, was stolen in a breach in November 2104. At first I was angry because I did not recall getting any notification, but subsequently went through my email history and found the Malwarebytes Notification and Password Reset. I had overlooked it initially and only today did I reset my password. Doh.
     
  19. plat1098

    plat1098 Registered Member

    Joined:
    Jan 18, 2016
    Posts:
    269
    Location:
    Da mean streets of Brooklyn
    How did you know a breach occurred in 2014? Did you have indications something was off with your email at that exact time? It took almost a year before I knew my email acct. was stolen. THEN I changed a lot more than my password. Yahoo's site security really got slipshod over the past few years, no wonder crooks had a bonanza right and left. You only needed to visit the site and look at a page in order to risk getting an exploit. Never mind the spam emails!

    Edit to add: I never actually KNEW there was a data breach until like two days ago. I'd only suspected because my Yahoo account was really off, not responding in the typical way. So I took someone's advice and just ditched it, changing my credit card info in the process. That Java exploit on Yahoo's site took place right around the same time, maybe two weeks prior. Wonder if there's a connection.
     
    Last edited: Sep 24, 2016
  20. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    I guess I had seen a story about a breach, at that time.
     
  21. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    1,092
    Location:
    Hollow Earth - Telos
  22. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,278
    Location:
    England
  23. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    http://www.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html
    To whoever tolerated/used the paranoid label: you are an idiot and contributed to this. To other corporate players: if anyone uses that or similar language to refer to your security people... including people on that team... put a stop to it quickly.
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
  25. plat1098

    plat1098 Registered Member

    Joined:
    Jan 18, 2016
    Posts:
    269
    Location:
    Da mean streets of Brooklyn
    You know there's not a lot of mystery to Yahoo, but I don't get Verizon. They must have billions of dollars to throw all over the place, they just got finished handling a massive employee strike, they're de-uglifying their hideous "flagship" office building in one of the most expensive real estate places in the world--lower Manhattan. Hmm, OK. I suppose after this hack fiasco, Yahoo's price will fall but I haven't seen any new developments over the Internet yet.
     