Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yahoo Triples Estimate of Breached Accounts To 3 Billion (engadget.com)

Posted by BeauHD on from the worse-case-scenario dept.

An anonymous reader shares a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): A massive data breach at Yahoo in 2013 was far more extensive than previously disclosed, affecting all of its 3 billion user accounts, new parent company Verizon Communications Inc. said on Tuesday. The figure, which Verizon said was based on new information, is three times the 1 billion accounts Yahoo said were affected when it first disclosed the breach in December 2016. The new disclosure, four months after Verizon completed its acquisition of Yahoo, shows that executives are still coming to grips with the extent of the security problem in what was already the largest hacking incident in history by number of users.

A spokesman for Oath, the new name of Verizon's Yahoo unit, said the company determined last week that the break-in was much worse than thought, after it received new information from outside the company. He declined to elaborate on the source of that information. Compromised customer information included usernames, passwords, and in some cases telephone numbers and dates of birth, the spokesman said.

41 comments

  1. 3 billion? by nospam007 · · Score: 3, Funny

    I didn't even know Yahoo still existed, so these 'accounts' must be from last millennium, no?

    1. Re:3 billion? by ark1 · · Score: 4, Insightful

      1. Allow spammers to create accounts and actively use them.
      2. Claim you have more "active" users so things must be going well.
      3. Profit?

    2. Re:3 billion? by slazzy · · Score: 2

      That could be, also personally I create a new "junk" account every few months to use before it gets overrun with junk mail, so I alone probably have 100 yahoo accounts full of junk mail...

      --
      Website Just Down For Me? Find out
    3. Re:3 billion? by lucm · · Score: 2

      I alone probably have 100 yahoo accounts full of junk mail

      Supposing that you've been doing that since the launch of Yahoo Mail, that means you created an account once every 2 or 3 months for 20 years. That's quite a commitment and a time-consuming process.

      Maybe your time is worth nothing but for $0.50 / month you can get cloud antispam from heluna, or for $5/month you can let Office365 or G Suite deal with that.

      --
      lucm, indeed.
    4. Re:3 billion? by war4peace · · Score: 1

      Yeah, everybody does that.
      Lately this started happening even in the mighty beacon of anti-Facebook artist movement called Ello.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    5. Re:3 billion? by youngone · · Score: 1

      My ISP supplied email was hosted by Yahoo!.
      After the breach they forced a password change and bought the hosting back in house.
      I suspect Yahoo! hosted mail for a lot of organisations.

    6. Re:3 billion? by Aighearach · · Score: 1

      You don't buy G Suite for that, all the free gmail accounts come with working spam filtering. That's been true since they launched it.

    7. Re:3 billion? by The123king · · Score: 1

      Another BT customer?

      --
      If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat
    8. Re:3 billion? by Anonymous Coward · · Score: 0

      Mine is from 1995, sitting unused since 1998 or whenever it was that all my colleagues switched en mass from yahoo messenger to msn. I'm sure it's still among them.

    9. Re:3 billion? by Mashiki · · Score: 1

      Another BT customer?

      Nearly every big name ISP in Canada used them at one point. From Rogers to Telus, this is likely going to be very interesting.

      --
      Om, nomnomnom...
  2. Waiting for Equifax hearing to pass this news by ark1 · · Score: 5, Insightful

    ...under radar. Well played Yahoo/Verizon.

  3. What's the percentage of accounts from spambots? by Anonymous Coward · · Score: 0

    I highly doubt 3B humans have ever signed up an account with Yahoo. Or any other company for that matter, usage statistics are usually highly inflated.

  4. Headline next week by SuperKendall · · Score: 2

    "Yahoo announces leak of personal details for next several generations of humanity".

    Moral of story: Do not send your data back in time as a form of offsite backup, no matter how secure you think your future quantum encryption is.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  5. There is an easier way to report this by burtosis · · Score: 2

    Simply have a story every few weeks on what data remaining hasn't been stolen. I'm guessing at this point it's the null set.

  6. quick! more centralization! by Anonymous Coward · · Score: 0

    Quick, let's centralize even more of the internet! What could possibly go wrong?

  7. AT&T? by sconeu · · Score: 2

    Just curious if this includes AT&T accounts, since AT&T had outsourced their email to Yahoo.

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    1. Re:AT&T? by Anonymous Coward · · Score: 0

      Frontier (the only DSL provider here) outsources to them as well.

  8. Forced Password Reset in 3...2...1... by Anonymous Coward · · Score: 1

    The last time they reported a breach (three consecutive times in a row) they forced a password reset. Now I can't even get into one of my accounts because it was the third time I had to reset it in a month, and can't remember the password. Even better, I forgot the reset passwords (Questions, but they are case sensitive so they may as well be passwords. (That you only ever use to reset the main one when you forgot it.....*facepalm*)), and there isn't a registered reset email address, because I was using it as my main email address at the time I set it up years ago. Lesson learned: Take a picture of your reset passwords, and have more than one email address.

    Wonder how many more people will end up in the same boat as me this time? A better question would be how many times does Yahoo have to screw up before they loose all of their users? (Their IM is effectively a ghost town now due to the changed protocol making it incompatible with Pidgin, and nobody googles something on Yahoo.)

  9. Re:What's the percentage of accounts from spambots by ShanghaiBill · · Score: 2

    I highly doubt 3B humans have ever signed up an account with Yahoo.

    They said 3B accounts, not 3B people. Nobody is claiming that these are unique individuals.

  10. No accountability and the dance continues by Anonymous Coward · · Score: 0

    As long as there are no criminal charges brought and time served this will continue to be a race to number one data dumper.

  11. Look on the bright side... by freeze128 · · Score: 1

    At least it can't get any worse.

    1. Re:Look on the bright side... by msauve · · Score: 4, Funny

      "At least it can't get any worse."

      Could be raining.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
  12. Verizon paid too much by phalse+phace · · Score: 3

    Verizon should have done their due diligence on this. They probably could have gotten their $1 billion discount instead of paying $4.48 billion for Yahoo!

    Got. Ripped. Off.

    1. Re:Verizon paid too much by Anonymous Coward · · Score: 0

      Verizon gets ripped off, subscriber base cheers in a long play of karma

  13. Story source by campuscodi · · Score: 2

    Here's the source of the WSJ's reporting: https://www.oath.com/press/yah... I have no idea why the WSJ is hiding that story behind a paywall if it's freely accessible on Oath's blog.

  14. Scope Creep by mentil · · Score: 2

    I have to hand it to the Slashdot commenters who suggested in the past that the breach would be gradually revealed to be ever bigger in scope. I imagine it'll later come out that they knew all of its accounts were breached, before the sale to Verizon, and withheld that info so they'd be bought out for a larger sum. It wouldn't surprise me if somewhere in all the Yahoo data were credentials that could've been used to hack into other, non-Yahoo computer systems, and those hacks may never be tied to this breach.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  15. Wait... yahoo had 3 billion users? by gosand · · Score: 2

    I mean, gmail has just over a billion I think. Surely most of these yahoo email addresses are abandoned.

    --

    My beliefs do not require that you agree with them.

    1. Re:Wait... yahoo had 3 billion users? by Anonymous Coward · · Score: 0

      .5 billion all belong to Vishnu the supre spammer, and .75 billion have been abandoned.

    2. Re:Wait... yahoo had 3 billion users? by Cro+Magnon · · Score: 1

      I had a yahoo account around the turn of the century. Haven't used it since before you were born. Unless it got deleted, it was surely included in this breach (and probably in a lot of prior breaches).

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
  16. Re:What's the percentage of accounts from spambots by lucm · · Score: 1

    I highly doubt 3B humans have ever signed up an account with Yahoo.

    They said 3B accounts, not 3B people. Nobody is claiming that these are unique individuals.

    I confess that I had 2 Yahoo accounts for a while, and slazzy confessed that he had 100. So the real number is at best 2,999,999,899 people.

    --
    lucm, indeed.
  17. What is Yahoo? by Anonymous Coward · · Score: 0

    Its a company that can't compete with Google, so it was bought out by intelligence agencies to be used as a scapegoat to build up the public's tolerance towards Google and Facebook's much much worse data collection that they in turn can legally purchase for cheep and therefore, no warrant needed.

  18. Re:quick! more centralization! by lucm · · Score: 1

    Quick, let's centralize even more of the internet! What could possibly go wrong?

    "Put all your eggs in one basket, and then watch that basket"
    - Mark Twain

    The problem we have is that the basket watchers suck because they were hired based on their gender and race rather than because they were the best available.

    --
    lucm, indeed.
  19. 3 years Too Late by Anonymous Coward · · Score: 0

    Thank Yahoo. During that lapse of time, did all of your CEOs sell off stock and make millions too like Equifuck?

  20. Re:What's the percentage of accounts from spambots by war4peace · · Score: 1

    Your math still failed, unless slazzy is your bot.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  21. Is it public? by Anonymous Coward · · Score: 0

    I lost access to an account after a scammer took it over. It this database out in the wild or on the dark web? I'd even pay a nominal fee to get it back. I've waited on hold for 9+ hours with yahoo only to be hung up on.

  22. It's David Pogue's fault by Anonymous Coward · · Score: 0

    Those guys from Shaker Hts are all trouble makers,
    and don't get me started on that Tim Huntley guy.
    SHEESH! Nothin but trouble.

  23. Re:quick! more centralization! by Anonymous Coward · · Score: 0

    Lemme guess - you're a female African-American?

  24. Only one word by Anonymous Coward · · Score: 0

    F***!