Yahoo Insiders Believe Hackers Could Have Stolen Over 1 Billion Accounts (businessinsider.com)
An anonymous reader quotes a report from Business Insider: The actual tally of stolen user accounts from the hack Yahoo experienced could be much larger than 500 million, according to a former Yahoo executive familiar with its security practices. The former Yahoo insider says the architecture of Yahoo's back-end systems is organized in such a way that the type of breach that was reported would have exposed a much larger group of user account information. To be sure, Yahoo has said that the breach affected at least 500 million users. But the former Yahoo exec estimated the number of accounts that could have potentially been stolen could be anywhere between 1 billion and 3 billion. According to this executive, all of Yahoo's products use one main user database, or UDB, to authenticate users. So people who log into products such as Yahoo Mail, Finance, or Sports all enter their usernames and passwords, which then go to this one central place to ensure they are legitimate, allowing them access. That database is huge, the executive said. At the time of the hack in 2014, inside were credentials for roughly 700 million to 1 billion active users accessing Yahoo products every month, along with many other inactive accounts that hadn't been deleted. In late 2013, Yahoo CEO Marissa Mayer said the company had 800 million monthly active users globally. It currently has more than 1 billion.
Companies cheap out whenever possible. That is why the pure Libertarian approach is a joke, because companies will break the law and put consumers at risk as much as they can. But then again, the GOP way gives the companies way too much power, and charges the consumers to death (telco industry) with little to no incentive to improve. But the DNC is also just as bad, with onerous regulations/paperwork that literally kill companies.
A mix of these is needed - fewer but powerful regulations, with avenues to competition, to give all a chance. But that would never happen, because companies don't want it, because it would work.