
No news is good news...
Not in this case it wasn't.
Yahoo! knew it had been compromised by a state-sponsored hackers in 2014 despite not publicly disclosing this crucial information until 2016. The disclosure of some internal knowledge prior to public admission of a problem in September 2016 comes from a recent SEC filling, in paragraphs covering the investigation of the …
Could be worse, with AT&T customers they likely have access to people's Mobility, uVerse TV & Internet, DSL in the former SBC and BellSouth areas, Wireline, DirecTV, Digital Life (alarms and shit) and Unified Accounts.
Thats one of the reasons that I'm glad I still had the option to use vanilla @att.net and bellsouth.net POP3 email when I had uVerse so nothing ever touched Yahoo!'s servers. Especially as I'm pretty sure most people just used their myAT&T passcode for it, meaning you could have someone do quite literally anything to your account with no real issue besides having to know the associated email address, CTN or BAN and the passcode.
"That or the IP resolved to a foreign country so it had to be cyberwarfare!"
Or more likely, a hacked PC or server in another country, under remote control by the hackers located somewhere else.
Nobody in their right minds launches a hack directly from their own PC without going through a separate proxy machine they can burn after.
I think round about then they changed their profile interface and addresses and other fields were dropped from profile data.
I wonder why that would have been...
There's always going to be some fool who fills it in properly.
Unlike normal people, when our omniscient, omnipotent and infallible overlords get fired they get a bonus.
Her golden parachute for when she 'messed up' was probably negotiated at the time of her hiring to be in the 10s of millions.
And unlike contracts for the rest of us, the contracts for such important types are usually worded to stand up even if the messing up was an intentional criminal act on their part.
How else could you ever get someone to take such a job?
"... created cookies that could have enabled such intruder to bypass the need for a password to access certain users' accounts or account information."
They have code which allows this as a feature? It's easy to have security problems when you have undiagnosed stupidity problems.