500,000,000 Yahoo Email Accts Hacked....in 2014

Uncle Ferd says dat's why womens shouldn't be CEO's o' interweb companies...

Yahoo Hack: Who Got Hit, Where, and How to Protect Yourself
September 23, 2016 - The hack of 500 million Yahoo user accounts is far and away the largest corporate breach ever reported, ahead of the 2013 MySpace hack that compromised over 300 million user accounts.
Yahoo blames the breach on a "state-sponsored actor," though exactly which state has still to be answered. The whole affair brings to mind the infamous 2014 quote from FBI director James Comey. "There are two kinds of big companies in the United States," he said. "There are those who've been hacked by the Chinese and those who don't know they've been hacked by the Chinese." While nobody is linking this hack to the Chinese, Comey's point is that every Internet user should assume their information is compromised, always. Internet security expert Dan Kaminsky, quoted in Reuters, says the same thing: "Five hundred of the Fortune 500 have been hacked. If anything has changed, it's that these attacks are getting publicly disclosed."

Huge hack

Armed with that knowledge, it's the size of this attack that makes it such a big deal. The hack predominantly affects U.S. users, but according to Pingdom, an Internet security firm, Yahoo also has a large presence in Japan, the Philippines, Taiwan and Hong Kong, and users there should be particularly vigilant in protecting their information. But 500 million accounts is fully half of all the people who visit Yahoo every month. According to the website Pocket-lint, "Yahoo has 1 billion users around the globe. About 250 million use Yahoo Mail, while [Yahoo owned businesses] Flickr has 113 million, and several hundred million use Tumblr. About 81 million use Yahoo Finance, and tens of millions use Yahoo Fantasy Sports." Yahoo has said in a statement that no Tumblr accounts were compromised, but if you use Flickr, you should definitely be changing your passwords and looking for trouble.

What was taken and what to do

Here is the account information that Yahoo says may have been compromised: "names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers." If you were affected, Yahoo will be sending you an email letting you know, so keep an eye on your inbox. But even if you don't get an email and you're a Yahoo user, you should consider taking some basic steps to protect yourself. First, change your security questions, so they can't be used to get into your accounts. Also, Yahoo recommends that "users who haven’t changed their passwords since 2014" go ahead and do that. Also: "...avoid clicking on links or downloading attachments from suspicious emails" and watch out for "unsolicited communications that ask for personal information." These kinds of recommendations are pretty much standard all the time but they become even more important if you've been hacked.


Yahoo president and CEO Marissa Mayer speaks during the International Consumer Electronics Show in Las Vegas.​

Finally, as an initial layer of protection, Yahoo suggests setting up something called a Yahoo Account Key, which is a way to bypass passwords altogether. This works by sending you a code by text anytime you try to log into your email account. You'll have to keep your phone with you if you're logging in from a laptop or PC, so it's a bit more complicated but much safer. Unless of course, someone steals and hacks your phone. To protect against that, and if your phone has the technology, enable your thumbprint password as a way to keep your phone bad-guy free. It's a lot to think about and a lot to worry about, but the Internet isn't a safe place, and it never has been. Even way back in 2002, Richard Clarke, who was the special advisor on cybersecurity to U.S. President George W. Bush, famously said: "If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked." And as the U.S. government later discovered through massive breaches in its own personnel office, even spending millions of dollars on security is no guarantee of protection.

 
Yahoo losin' users...

Some Yahoo users close accounts amid fears breach could have ripple effects
September 23, 2016 - Many Yahoo users rushed on Friday to close their accounts and change passwords as experts warned that the fallout from one of the largest cyber breaches in history could spill beyond the internet company's services.
After Yahoo disclosed on Thursday that hackers had stolen the encrypted passwords and personal details of more than 500 million accounts in 2014, thousands of users took to social media to express anger that it had taken the company two years to uncover the data breach. Several users said they were closing their accounts. "We're probably just going to dump Yahoo altogether," said Rick Hollister, 56, who owns a private investigation firm in Tallahassee, Florida. "They should have been more on top of this." Due to the scale of the Yahoo breach, and because users often recycle passwords and security answers across multiple services, cyber security experts warned the impact of the hack could reverberate throughout the internet.

Several users said they were scrambling to change log-in information, not just for Yahoo but for multiple internet accounts with the same passwords. Accounts at banks, retailers and elsewhere could be vulnerable. "I suppose a hacker could make the connection between my Yahoo and Gmail," said Scott Braun, 47, who created a Yahoo email when he was setting up a shop on online retailer Etsy. "They both use my first and last name. Not being a hacker, I don't know what their capabilities are." That concern was echoed in Washington. "The seriousness of this breach at Yahoo is huge," Democratic Senator Mark Warner said Thursday. The company plans to brief Warner next week about the attack, his office said. Yahoo has said that it believes that the breach was perpetrated by a state-sponsored actor.

SY Lee, a former Department of Homeland Security spokesman, said that would be of particular concern to the intelligence community, given the interest state-sponsored hackers have in compromising employees with security clearances. The FBI had not issued specific guidance to its employees on handling their personal Yahoo accounts, a spokeswoman said. British companies BT Group and Sky Plc, which use Yahoo to host email for some of their broadband customers, said they were communicating with their users. Yahoo urged users to change their passwords and security questions, but some said it would be easier just to give up their accounts because they rarely use them. The company has been losing users, traffic and ad revenue in recent years and over the summer agreed to sell its core business for $4.8 billion to Verizon.

Rachel, a 33-year-old from Newcastle, England, who asked Reuters not to use her last name, said she would be shutting down the Yahoo account she opened in 1999. Furious that the company had not protected its customers' data better, she said she thought this could be yet another blow for the email service, which has been overtaken in popularity by Google's Gmail over the last decade. But Cody Littlewood, who owns a start-up incubator in Miami Beach, was one of several users who said it was precisely because of the decline in the use of Yahoo's services that they were not worried about the hack. "Yahoo is only relevant for fantasy football. Worst case scenario, they get into my account and drop Jamaal Charles," he said, a reference to the star Kansas City running back who regularly tops fantasy football rankings.

 
Granny says, "Dat's right - dem Ruskies was tryin' to take a peek o' her yoohoo on Yahoo...

Yahoo Executives Detected a Hack Tied to Russia in 2014
Sept. 23, 2016 - Unclear whether hack was tied to massive breach disclosed Thursday
Yahoo Inc. executives detected hackers in their systems in fall 2014 who they believed were linked to Russia and were seeking data on 30 to 40 specific users of the company’s online services, a person familiar with the matter said. The person familiar with the matter didn’t know whether that attack led to the theft of information on 500 million user accounts, which Yahoo disclosed Thursday. In that disclosure, Yahoo said the information was stolen from its network in late 2014 by a “state-sponsored actor.”

The person familiar with the matter said the intrusion was discovered several weeks after the attack. The person said Yahoo reported the incident to the Federal Bureau of Investigation at the time. The FBI didn’t immediately respond to a Wall Street Journal request for comment. When asked for comment, a Yahoo spokesman pointed out law enforcement is investigating the theft of data it had disclosed Thursday. A spokesman at the Russian Embassy in Washington didn’t respond to a request for comment.

At the time of the 2014 attack, Yahoo executives concluded that it was linked to Russia because it was launched from computers in Russia, the person familiar with the matter said. In addition, the person said, the targets were people who did business in Russia. Security investigators say it isn’t unusual for more than one hacker to break into corporate networks simultaneously, sometimes muddying the water surrounding an investigation.

The person familiar with the matter said several other technology companies suffered similar targeted attacks in late 2014. The person didn’t name any other targeted companies. In recent months, hackers linked by U.S. investigators to the Russian government have allegedly leaked email messages belonging to the Democratic National Committee, which Russian officials have denied. Emails from former Secretary of State Colin Powell also were recently posted on a website with suspected ties to Russian intelligence services.

 
Granny changed her password from Granny to ynnarG...

Password Breach Could Have Ripple Effects Well Beyond Yahoo
Wednesday 28th September, 2016 - As investors and investigators weigh the damage of Yahoo's massive breach to the internet icon, information security experts worry that the record-breaking haul of password data could be used to open locks up and down the web.
While it's unknown to what extent the stolen data has been or will be circulating, giant breaches can send ripples of insecurity across the internet. "Data breaches on the scale of Yahoo are the security equivalent of ecological disasters," said Matt Blaze, a security researcher who directs the Distributed Systems Lab at the University of Pennsylvania, in a message posted to Twitter. A big worry is a cybercriminal technique known as "credential stuffing," which works by throwing leaked username and password combinations at a series of websites in an effort to break in, a bit like a thief finding a ring of keys in an apartment lobby and trying them, one after the other, in every door in the building. Software makes the trial-and-error process practically instantaneous.

Credential stuffing typically succeeds between 0.1 percent and 2 percent of the time, according to Shuman Ghosemajumder, the chief technology officer of Mountain View, California-based Shape Security. That means cybercriminals wielding 500 million passwords could conceivably hijack tens of thousands of other accounts. "It becomes a numbers game for them," Ghosemajumder said in a telephone interview. So will the big Yahoo breach mean an explosion of smaller breaches elsewhere, like the aftershocks that follow a big quake?

Ghosemajumder doesn't think so. He said he didn't see a surge in new breaches so much as a steady increase in attempts as cybercriminals replenish their stock of freshly hacked passwords. It's conceivable as well that Yahoo passwords have already been used to hack other services; the company said the theft occurred in late 2014, meaning that the data has been compromised for as long as two years. "It is like an ecological disaster," Ghosemajumder said in a telephone interview. "But pick the right disaster. It's more like global warming than it is an earthquake. ... It builds up gradually."

The first hint that something was wrong at Yahoo came when Motherboard journalist Joseph Cox started receiving supposed samples of credentials hacked from the company in early July. Several weeks later, a cybercriminal using the handle "Peace" came forward with 5,000 samples -- and the startling claim to be selling 200 million more. On Aug. 1 Cox published a story on the sale, but the journalist said he never established with any certainty where Peace's credentials came from. He noted that Yahoo said most of its passwords were secured with one encryption protocol, while Peace's sample used a second. Either Peace drew his sample from a minority of Yahoo data or he was dealing with a different set of data altogether. "With the information available at the moment, it's more likely to be the latter," Cox said in an email Tuesday.

The Associated Press has been unable to locate Peace. The darknet market where the seller has been active in the past has been inaccessible for days, purportedly due to cyberattacks. At the moment it's not known who holds the passwords or whether a state-sponsored actor, which Yahoo has blamed for the breach, would ever have an interest in passing its data to people like Peace. Meanwhile Yahoo users who recycle their passwords across different sites may be at risk. And while an internet-wide password reset is one option, Yahoo's announcement that some security questions were compromised too means that the risks associated with the breach are likely to linger. A password can be changed, after all, but how do you reset your mother's maiden name?

 
A bit late in reporting hack...

Yahoo hack may become test case for SEC data breach disclosure rules
Fri Sep 30, 2016 | Yahoo's disclosure that hackers stole user data from at least 500 million accounts in 2014 has highlighted shortcomings in U.S. rules on when cyber attacks must be revealed and their enforcement.
Democratic Senator Mark Warner this week asked the U.S. Securities and Exchange Commission to investigate whether Yahoo and its senior executives properly disclosed the attack, which Yahoo blamed on Sept. 22 on a "state-sponsored actor." The Yahoo hack could become a test case of the SEC's guidelines, said Jacob Olcott, former Senate Commerce Committee counsel who helped develop them, due to the size of the breach, intense public scrutiny and uncertainty over the timing of Yahoo's discovery. Yahoo has not specifically addressed when it learned of the 2014 attack. And the vagueness of SEC's 2011 rules on disclosure and its failure to enforce them are drawing equal attention, privacy lawyers and cyber security experts said.

The agency has "been looking for the right case to bring forward," said Olcott. The agency in 2011 told publicly traded companies to report hacking incidents that could have a “material adverse effect on the business” but did not define that. SEC has never acted against a company for failing to disclose a cybersecurity incident or threat, and it has brought just two enforcement actions against companies for insufficient data protection, an agency spokesman said. Lawyers said this reflected difficulty in determining if breaches were material and many companies' belief that reporting on cyber threats generally satisfies the disclosure requirement.

Yahoo has not offered a precise timeline about when it was made aware of the breach. On Sept. 9, it said in an SEC filing it did not know of "any incidents of, or third party claims alleging ... unauthorized access" of customers' personal data that could have a material adverse effect on Verizon Communication Inc's (VZ.N) planned $4.8 billion acquisition of Yahoo's core business. Since then, Yahoo has not clarified if it knew of the attack before that SEC filing. "Our investigation into this matter is ongoing and the issues are complex," a Yahoo spokesman said last week.

In his letter, Warner asked the SEC to evaluate whether the current disclosure regime was adequate. He cited reports that fewer than 100 of 9,000 public companies disclosed a material data breach since 2010. “I don’t know that we need new rules. But in certain situations, you may need more aggressive enforcement," said Roberta Karmel, a Brooklyn Law School professor. The SEC in 2014 examined whether cyber disclosure rules needed to be strengthened and imposed new requirements for broker-dealers and investment advisers but not public companies.

'PUNISH THE VICTIM'
 
The NSA has zillions of e-mails to sift through. I hope they have good computer operators. LMAOROFL

The more you 'talk' on line, the larger the number of communications. FYI Even Morse Code is a communique.

Tell me why!

 
