Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yahoo Says Hackers Stole Information From Over 1 Billion Accounts (go.com)

Posted by BeauHD on from the ones-and-zeros dept.

An anonymous reader quotes a breaking report from ABC News: Yahoo says it believes hackers stole data from more than one billion user accounts in August 2013. The Sunnyvale, California, company says it's a different breach from the one it disclosed in September, when it said 500 million accounts were exposed. That new hack revelation raises questions about whether Verizon will try to change the terms of its $4.8 billion proposed acquisition of Yahoo. Yahoo says the information stolen may include names, email addresses, phone numbers, birthdates and security questions and answers. The company says it believes bank-account information and payment-card data were not affected.

71 comments

  1. If this deal doesn't collapse... by ChiefGeneralManager · · Score: 5, Insightful

    ....we know our privacy is non-existent. That Verizon could continue to talk of a deal after the last Yahoo! breach was amazing. If Verizon continues with an additional *billion* it shows that neither the market nor the establishment can penalise egregious data loss. It's pathetic that they claim bank account information is likely safe, but the combination of personal data _plus security questions and answers_ opens a whole new field. Wow.

    1. Re:If this deal doesn't collapse... by Anonymous Coward · · Score: 2, Insightful

      It's pathetic that they claim bank account information is likely safe, but the combination of personal data _plus security questions and answers_ opens a whole new field.

      That's why I never give my real birthdate, location, or real answers the security questions. I don't even use the same answers across different services. It's really an obvious weakness whenever you consider that a hacker could potentially build up a pretty detailed personal history on you just by collecting all the answers to security questions, from various websites that you login into.

    2. Re: If this deal doesn't collapse... by Anonymous Coward · · Score: 1

      Plus security questions such as mother's maiden name or name of pet are completely useless nowadays thanks to how much people share on social networks along with freely available public info sites.

    3. Re:If this deal doesn't collapse... by Anonymous Coward · · Score: 0

      ....we know our privacy is non-existent.

      That Verizon could continue to talk of a deal after the last Yahoo! breach was amazing. If Verizon continues with an additional *billion* it shows that neither the market nor the establishment can penalise egregious data loss. It's pathetic that they claim bank account information is likely safe, but the combination of personal data _plus security questions and answers_ opens a whole new field.

      Wow.

      God only knows what the mafia could do to me if they ever learned the name of my third grade teacher or pets. It's a much bigger farce than you give it credit for.

    4. Re:If this deal doesn't collapse... by Narcocide · · Score: 1

      What makes you think Verizon isn't already "in on it?"

    5. Re:If this deal doesn't collapse... by scrib · · Score: 4, Informative

      I agree completely. My password manager comment section is full of randomly generated passwords to answer those damn "security" questions.
      "In what city were you born?" "cnf3kPiDkYDeYUur"

      --
      Help! Help! I'm being repressed!
    6. Re:If this deal doesn't collapse... by Anonymous Coward · · Score: 0
      Agreed. All information I have provided is erroneous with the intent to FLAG as bogus data.

      If they use it. BUSTED!!

    7. Re:If this deal doesn't collapse... by unixisc · · Score: 1

      Verizon ought to can its proposed purchase: didn't they buy AOL recently? Aside from that, I'm glad that I finally migrated and closed my Yahoo account

    8. Re: If this deal doesn't collapse... by Anonymous Coward · · Score: 0

      Hey do you my cousin Kevin then? He's also from there.

    9. Re:If this deal doesn't collapse... by antdude · · Score: 1

      How do you say that when talking? :O

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    10. Re:If this deal doesn't collapse... by Anonymous Coward · · Score: 0

      I guess you'll have other thingies to do when your pubic hair starts showing...

    11. Re:If this deal doesn't collapse... by Anonymous Coward · · Score: 0

      Meh, have to find my glasses so I don't reply to the wrong parent again, sorry...
      @ChiefGeneralManager: indeed !

    12. Re:If this deal doesn't collapse... by AmiMoJo · · Score: 1

      Maybe they are going to revise their bid to something more realistic now, like $9.50.

      Who am I kidding, you would have to pay me to take Yahoo away.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    13. Re:If this deal doesn't collapse... by Zak3056 · · Score: 4, Funny

      Cleveland

      --
      What part of "shall not be infringed" is so hard to understand?
    14. Re: If this deal doesn't collapse... by Cro+Magnon · · Score: 1

      Not necessarily. I've never had a pet, but the one I "borrow" died long before social media. No way they'll find its name there.

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
  2. Yahoo should simply cease to exist by Anonymous Coward · · Score: 3, Insightful

    It has utterly failed in every conceivable way. File for bankruptcy.

    1. Re:Yahoo should simply cease to exist by MightyMartian · · Score: 5, Funny

      They haven't caused a major oil or chemical spill, so strictly speaking they haven't failed in every conceivable way!

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:Yahoo should simply cease to exist by Lord+Apathy · · Score: 1

      The search service sucks, the mail service blows, and the news is anything but the news. I see no reason for them to exist.

      --

      Supporting World Peace Through Nuclear Pacification

    3. Re:Yahoo should simply cease to exist by ShanghaiBill · · Score: 5, Interesting

      I see no reason for them to exist.

      I do. They are a great site for throwaway email accounts, so I can make one-time-use of sites that insist that I "create an account". Of the billion compromised accounts, I suspect that only a small percentage are currently used by real people.

    4. Re:Yahoo should simply cease to exist by houstonbofh · · Score: 3, Funny

      They haven't caused a major oil or chemical spill, so strictly speaking they haven't failed in every conceivable way!

      It is annoying. People that overuse hyperbole should be literally shot. :)

    5. Re: Yahoo should simply cease to exist by Anonymous Coward · · Score: 0

      Can I throw in a girl power shout out for Marissa? We'll have to wait until Rick Perry has been energy secretary for a few years to see a man fuck up as much.

    6. Re:Yahoo should simply cease to exist by Lord+Apathy · · Score: 2

      That is what the mailinator.com is for.

      --

      Supporting World Peace Through Nuclear Pacification

    7. Re:Yahoo should simply cease to exist by ls671 · · Score: 1

      Pffff... the following in /etc/mail/virtusertable is faster for me :-)

      dummy.me@ghost.mydomain.com realme@mydomain.com

      --
      Everything I write is lies, read between the lines.
    8. Re:Yahoo should simply cease to exist by MightyMartian · · Score: 1

      To be fair, Yahoo has failed in every conceivable way a Internet tech company could fail. I'm eagerly awaiting the Yahoo afterlife, as a patent-trolling zombie owned by shady lawyers working out of East Texas.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    9. Re:Yahoo should simply cease to exist by Motherfucking+Shit · · Score: 3, Informative

      I'm finding more and more places that won't accept mailinator.com when registering, including its various alternate domains (there's a project that keeps an updated list). A lot of sites now completely disallow signing up through Tor, too. In order to make a Bugzilla account to report something anonymously, I had to first create a Github account, which you can do over Tor, and then use that to authenticate to Bugzilla. Fucking annoying.

      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    10. Re:Yahoo should simply cease to exist by geoskd · · Score: 1

      They haven't caused a major oil or chemical spill, so strictly speaking they haven't failed in every conceivable way!

      They haven't reported having had a major spill, but that apparently doesn't mean much...

      --
      I wish I had a good sig, but all the good ones are copyrighted
    11. Re:Yahoo should simply cease to exist by Anonymous Coward · · Score: 0

      It seems your morals are already bankrupt

    12. Re:Yahoo should simply cease to exist by Anonymous Coward · · Score: 0

      In any case, they should be fined out of existence and every Yahoo employee responsible for keeping this silent for years should be prosecuted.

    13. Re: Yahoo should simply cease to exist by Anonymous Coward · · Score: 0

      Except that it's fallen prey to its own success and been blacklisted by most sites that require an email.

    14. Re:Yahoo should simply cease to exist by thomn8r · · Score: 1
      They are a great site for throwaway email accounts

      Not any more - now they require a mobile phone number to create a new account.

    15. Re:Yahoo should simply cease to exist by syntotic · · Score: 1

      I want my geocities websites back.

  3. As someone who uses a yahoo email by Anonymous Coward · · Score: 0

    Thanks for the warning yahoo. They were hacked previously think it was around 2005 also went undisclosed.

  4. Why though? by OrangeTide · · Score: 2

    Why would Verizon care if a company they are buying is horribly insecure? Especially when Yahoo's users don't seem to care.

    --
    “Common sense is not so common.” — Voltaire
    1. Re:Why though? by tomhath · · Score: 2

      I use yahoo email as my spam sink when a site I don't care about insists on me providing an email address. Let 'em hack it, they got nothing from me.

    2. Re:Why though? by houstonbofh · · Score: 3, Funny

      Why would Verizon care if a company they are buying is horribly insecure? Especially when Yahoo's users don't seem to care.

      They might see it as a plus! "Finally, customers we can really abuse that will put up with it!"

    3. Re:Why though? by OrangeTide · · Score: 1

      Yeah, but Yahoo users are notorious cheapskates. About all they are good for blasting with ads and tricking with fake news.

      --
      “Common sense is not so common.” — Voltaire
    4. Re:Why though? by SeaFox · · Score: 1

      Why would Verizon care if a company they are buying is horribly insecure?

      They don't care. They just want an excuse to make Yahoo lower their price. Verizon's primary reason for the purchase is to "buy" the users. They'll argue the hack is reducing the value of the Yahoo brand name and causing people to leave the service over the poor security.

  5. The company says it believes bank-account ... by QuietLagoon · · Score: 3, Insightful

    ...The company says it believes bank-account information and payment-card data were not affected....

    Geesh. Given the history of yahoo attacks and their announcements, give it a few weeks and then we'll probably see yet another announcement from yahoo about how hackers got bank account info and payment data. It has become apparent that Yahoo may not possess the ability to run an online portal securely.

    1. Re:The company says it believes bank-account ... by triffid_98 · · Score: 1

      give it a few weeks and then we'll probably see yet another announcement from yahoo about how hackers got bank account info

      Does the NSA count?

      That said, at least some of this could be 'spin' (at least the way it's being publicized) so Verizon can pick up Yahoo for millions off the asking price, just like Nissan did to Mitsubishi before their merger.

  6. $39 Billion in market cap by Anonymous Coward · · Score: 0

    I don't see how Yahoo has $39 billion in market cap.

    1. Re:$39 Billion in market cap by ShanghaiBill · · Score: 5, Informative

      I don't see how Yahoo has $39 billion in market cap.

      Yahoo was an early investor in Alibaba, and owns about 15% of Alibaba's stock. If you subtract out the value of that stock, the rest of Yahoo actually had negative value prior to Verizon's offer.

  7. Lies. by zenlessyank · · Score: 1

    They sold that shit. Again.

    1. Re:Lies. by PPH · · Score: 1

      Somebody stole my Hope Diamond.

      --
      Have gnu, will travel.
  8. payment information? by salnikov · · Score: 1

    > bank-account information and payment-card data were not affected.

    Anyone in their clear mind pays for anything from Yahoo?

    1. Re:payment information? by Anonymous Coward · · Score: 0

      I believe their premium features of fantasy leagues required payments... Lot's of people paid for that access...

    2. Re:payment information? by lamber45 · · Score: 1

      Over the years I've bought a few items from a mail-order vendor that uses Yahoo! for their checkout/payment. Nothing since the breach in question, though... their deals haven't been that good recently.

      Yahoo! also offers "premium" mail service, no ads, IMAP access may be a premium-only feature.

  9. Luckily, there's a precedent. by jgullstr · · Score: 1

    Adjusted sales price: 4.844 billion

    1. Re:Luckily, there's a precedent. by jgullstr · · Score: 1

      Oops, meant 4.756 billion.

  10. Wait by lyovushka · · Score: 1

    Yahoo has 1 billion accounts?? Surely most of them are dormant.

    1. Re: Wait by Anonymous Coward · · Score: 0

      This is a market play by yahoo. That they actually have a billion accounts to sell. That is why they release it.

    2. Re:Wait by Anonymous Coward · · Score: 0

      If it weren't for the occasional reports of data breaches, one would be forgiven for thinking Yahoo had ceased existing well over ten years ago.

    3. Re: Wait by PPH · · Score: 1

      I think you might be onto something here.

      I don't have a Yahoo account. I've used some Yahoo services, but always anonymously. So, no login to steal. I just received "Important Security Information for Yahoo Users". Which instructs me to go to a Yahoo account page and change my password and security questions. Well, I don't have one. But I'm willing to bet that Yahoo's account maintenance page will walk me through setting one up, should I bother to visit it. I'm not even going there to confirm that they hit a valid e-mail address.

      My guess is: In addition to legitimate Yahoo users (who really should change passwords), they have a mailing list that they are using to generate new accounts. To pt them in a better negotiating position for the eventual Verizon/whoever buy-out.

      --
      Have gnu, will travel.
  11. why now? by e432776 · · Score: 1

    I wonder why this disclosure was made now. TFV mentions that "forensic experts" have just come up with this information. Should two major breaches like this in such a short time with delayed reporting mean the death penalty for Yahoo! ? Seems to indicate major incompetence.

    1. Re:why now? by elrous0 · · Score: 2, Funny

      Seems to indicate major incompetence.

      Hush, you fool! If you imply that a female CEO is anything less than amazing you'll have the SJW's showing up to protest our misogyny!

      OH GOD, IT'S TOO LATE! Here they come! HOW DID THEY MAKE THOSE SIGNS SO FAST?!?

      --
      SJW: Someone who has run out of real oppression, and has to fake it.
    2. Re:why now? by bondsbw · · Score: 1

      Not to mention that this happened before the one everyone thought was so bad.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  12. This explains the sudden uptick in SPAM . . . by mmell · · Score: 1
    Everything from home appliance warranties to C1@l!s . . . all with the 'yahoo.com' domain as the return address.

    I wonder what they do with the abuse reports I manually submit via Yahoo's 'blessed' spam reporting site? Pretty sad that they won't just check "abuse@yahoo.com" - I wonder what happens to reports which get sent to that altogether predictable and logical address?

  13. Everett Dirksen by JustAnotherOldGuy · · Score: 1

    To paraphrase Everett Dirksen, "A billion here, a billion there, pretty soon, that's a lot of users."

    (His original quote was, "A billion here, a billion there, pretty soon, you're talking real money.")

    --
    Just cruising through this digital world at 33 1/3 rpm...
  14. Yahoo has a billion users? by jfdavis668 · · Score: 1

    How in the hell can they not make money with that many customers?

    1. Re:Yahoo has a billion users? by Anonymous Coward · · Score: 0

      users are not (all) customers.

    2. Re:Yahoo has a billion users? by wvmarle · · Score: 1

      One billion user accounts - that's more than Facebook has. If that's one billion unique users, that'd be one out of seven people on this planet with a Yahoo account.

      First there was news of a hack of half a billion accounts, now one billion. Most of these will be inactive (including mine - been years since I logged in to Yahoo, or even visited the site). Many of them just have to be throwaway accounts created by spammers or so.

  15. Yahoo is doing fine by golodh · · Score: 1
    Yahoo is doing fine, for whoever declared keeping accounts secure is a KPI ?

    Now that Yahoo have warned their users it's those users who are responsible for changing their passwords. Not Yahoo's problem.

    Shame about the publicity though, but you can't have everything.

  16. Yahoo should be forced to send paper mail to all by Anonymous Coward · · Score: 0

    .. of those whose addresses they have or can reasonably find. Certified mail of course, sent via the USPS. To notify them of the breach and offer up free ID theft protection.

    I am not an ID Theft monitoring company salesman, but I'm starting to see some no-name services offered for some of the breaches I have been exposed to, mostly medical companies. Probably the next growth area for fake scamming companies.

  17. Good for you, hackers by Anonymous Coward · · Score: 0

    The only thing Yahoo knows about me is my alternate email address and the contents of an outdated resume from a long ago job search. Big frickin whoop.

  18. Some races you don't want to win by Archfeld · · Score: 1

    Yahoo now reports one Brazillion accounts compromised. Someone needs to tell them that this isn't the race they want to win. Much like 'catching' a cold or 'taking' a piss, but I guess if you are losing by every other metric you find one you can excel at ? Bottom line is all of their accounts were hacked and STILL nothing of value was lost.

    --
    errr....umm...*whooosh* *whoosh* Is this thing on ?
  19. Time to give Marissa a raise by hambone142 · · Score: 1

    I need one of these CEO jobs. One where I can be negligent, ignoring security issues and get paid millions.

    I also need one that will give me tens of millions for getting terminated for doing a crappy job.

    Frankly, if I were in Yahoo's CEO position and did nothing, it would likely be better than what the existing CEO has "accomplished".

    1. Re:Time to give Marissa a raise by LordWabbit2 · · Score: 1

      Most CEO's (all upper management generally) are complete assholes. You get exceptions but generally those are the CEO's etc. that started their own company. Anyone who "worked" his way up the ladder to a top position did it by backstabbing and being an asshole.
      The point being is that you are probably not qualified.

      --
      There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
  20. Total count? by manu0601 · · Score: 1

    How many accounts do Yahoo have?

  21. Where's my cut? by jon3k · · Score: 4, Funny

    So I think I'm just going to go to the darknet markets and sell all my personal info directly. At least then I get a cut.

  22. Re:If this deal doesn't collapse... GAY NIGGERS by Anonymous Coward · · Score: 0

    I guess you'll have other thingies to do when your pubic hair starts showing.....