This ain't news
The NSA has been doing this for at least a decade.
Yahoo! says hackers have probably stolen details from more than a billion user accounts, including names, addresses, phone numbers, and weakly hashed passwords in attacks dating back to 2013. Chief information security officer Bob Lord said in a statement that this event is likely a separate haul unrelated to past breaches. " …
Pretty sure sky.com switched to yahoo from Google..
They did. I remember supporting my parents' account when Sky transitioned to Yahoo email, and the whole experience was fairly s**t. Then they transitioned to Google a couple of years later...and that experience was also fairly s**t.
Phooey. Yahoo! never had a billion accounts.
Not users but accounts. For way too many years, much like Hotmail, Yahoo was a choice for throw away accounts and also for spammers. So it's very possible. I think I still have a about 10 or 12 open throwaways there.
I think a lot of the spammers in the past used stolen accounts. At least the majority of spam I had over the years was either from fake names or stolen accounts.
I have 10 accounts on virgin media (ntlworld) and each one has a use... It's lovely...
I tried to get a few Yahoo stolen accounts shut down years ago and they told me no.. I know the owners and they owners tried to recover them but Yahoo said they didn't match security checks (lol)... But I got all sorts of spam targeted towards me because I was in their address book. Yahoo might have spent a lot of time over the years stopping some spammers, but I don't think have done enough to detect brute force theft. I could probably give you a BEELLION! reasons to agree with that last bit.
This must be why my ISP started bringing all the Yahoo! hosted email back in house a few months ago.
If I remember correctly they said it was something to do with improved service or something, but if they said publicly that Yahoo! are fsking hopeless they would probably get sued.
It also brings Yahoo!'s acquisition by Verizon into question, as the much smaller September breach prompted questions about whether the purchase price Verizon will pay for the company should be reduced.
Sell? I'd be surprised if they even give the company away at this point. If they offer it to me, they'd have to pay me to take it.
This I don't understand. Maybe it's late?
Passwords were hashed using the easy-to-subvert MD5 hash. Reg tech staff, on learning of the breach, say they started using more secure ciphers years before this breach.
Why is Reg tech staff tasked with implementing Yahoo ciphers??
And yes, 10⁹ user accounts sounds more like 10⁹ IoNT (Internet of Needful Things) accounts.
"Many people reuse the same or similar passwords for other services so even old, unused or deleted Yahoo account info can be used against them. If your Yahoo password was truly unique then no worries."
Not forgetting the people who used their Yahoo account to sign up to other services which then promptly send you your username/password in a plaintext email, and the same for password resets.
"When you say "One Billion", is that the American Billion or the proper Billion?"
Not many people in the UK use billion to mean 1e12 these days in formal/official usage
"Historically, the United Kingdom used the long scale billion but since 1974 official UK statistics have used the short scale"
The reason it was kept quiet was because Ms. Mayer wanted to protect her $58 million severence package when Yahoo manages to sell itself, which they are trying desparetly for past few years.
Ditto Talktalk. Dido doesnt want to let go of her £ 7 million annual package, hence it is always "only a few of our customers" having suffered a hack.
Oh, the power of big business & their friendly media chums !
I have an old BT Yahoo email account associated with my landline. If I try to delete the account online, it says it can't be done and I must phone 0845 600 7030 to get BT to do it for me. When I phone that number, they say they can only reset passwords and don't have the ability to delete email accounts. Top notch support from BT again!
The BBC quote "Cyber security expert Troy Hunt" as saying the previous breach knocked $1 Bn off the Verizon sale price, and that this one "will surely impact that valuation even further, not just because of the scale of it, but because it shows a pattern of serious failures on Yahoo's behalf".
http://www.bbc.com/news/world-us-canada-38324527
The Mayer c-suite is bleating that the billion account loss was possibly due to source code theft, the purloiners taking advantage of security holes. Since Yahoo security was poor (despite the good reputation of the 'Paranoids' before they were poached by more astute companies) one has to presume that the Yahoo source code rivals Adobe Flash for security quality. It costs time and money to write secure code, even if the cost is negative on a life cycle basis.
Verizon should probably rewrite the source code at a cost of 100Mil, or maybe 2 or 3 hundred including debugging and roll out to the 20 or 30 remaining Yahoo customers. Alternatively, Verizon could just ape Adobe and not proactively fix problems, just react and wack the moles when they pop up. Yahoo will then die the Flash death of a thousand security patches. Of course, if the price is right, maybe it would be worth it.