Drudge Retort: The Other Side of the News
Thursday, September 22, 2016

At least half a billion Yahoo accounts have been breached by what investigators believe is a nation-sponsored hacking operation. Attackers probably gained access to a wealth of holders' personal information, including names, e-mail addresses, phone numbers, birth dates, answers to security questions, and cryptographically protected passwords. Yahoo Chief Information Security Officer Bob Lord dropped that bombshell announcement on Thursday afternoon, several hours after news site Recode reported the company was poised to disclose a compromise affecting several hundred million accounts.

Advertisement

Advertisement

Liberal Blog Advertising Network

More

Comments

Admin's note: Participants in this discussion must follow the site's moderation policy. Profanity will be filtered. Abusive conduct is not allowed.

www.drudge.com

5:15PM

#1 | Posted by gracieamazed at 2016-09-22 07:53 PM | Reply

oh yeah, people still use Yahoo... like dinosaurs and primates...

#2 | Posted by AuntieSocial at 2016-09-22 08:01 PM | Reply

It's hard working in tech and trying to explain to stakeholders that getting hacked is a matter of when, not if.

They don't get why, so they're not willing to spend money to address a problem they can't understand.

#3 | Posted by snoofy at 2016-09-22 08:04 PM | Reply

The thing is, I don't see how this hurts Yahoo, since Yahoo's valuation is based on their stake in Alibaba, not on being AOL 2.0.

#4 | Posted by snoofy at 2016-09-22 08:36 PM | Reply

So that means each Yahoo user had five million accounts?

#5 | Posted by censored at 2016-09-22 09:42 PM | Reply | Funny: 2

Breaking News:
Well Fargo announces merger with Yahoo

#6 | Posted by snoofy at 2016-09-22 09:44 PM | Reply | Funny: 2

2014? We are just hearing about it?

#7 | Posted by sawdust at 2016-09-22 09:49 PM | Reply


This hack is real and very bad.

If you have a Yahoo account, some things to consider:

- if you use the same password on Yahoo as other sites, change those passwords now.

- if you use the same security questions (or answers) on Yahoo as other sites, change the questions (or the answers) now.

- if you were foolish enough to give Yahoo your correct birthdate, change your birthdate now.

This is very real and very scary.

#8 | Posted by LampLighter at 2016-09-22 10:14 PM | Reply

if you were foolish enough to give Yahoo your correct birthdate, change your birthdate now.

I just changed my birthday to Y2K. That way, when they try to hack me, all their computers will crash! Genius.

#9 | Posted by snoofy at 2016-09-22 10:16 PM | Reply


@#9 ...I just changed my birthday to Y2K...

The usual reason a website asks for your birthdate is to confirm that you're not a minor and subject to more stringent laws.

So whenever a website asked me for a birthdate, I always entered a date that indicated I was over 21, but it was a random date (chosen by a random number generator).

#10 | Posted by LampLighter at 2016-09-22 10:39 PM | Reply

Advertisement

Advertisement

SNOOFY - How did you change the birth date? I was able to change my password, but the b-day seems to be a problem.

#11 | Posted by Karabekian at 2016-09-22 10:44 PM | Reply

This happened 2 years ago. Don't burn yourselves out trying to close the barn door now.

#12 | Posted by REDIAL at 2016-09-22 10:50 PM | Reply


...I was able to change my password, but the b-day seems to be a problem....

Yeah, the birthdate thing is something you have to be aware of when you first sign up for a site. Most (all?) sites assign an immutable attribute to the birthdate.

If you've given up your actual birthdate, well, welcome to personal data collection on the Internet.

#13 | Posted by LampLighter at 2016-09-22 11:02 PM | Reply


This happened 2 years ago. Don't burn yourselves out trying to close the barn door now.

Yes, two years ago. Yahoo was, imo, irresponsibly slow in reporting this to the public.

Again, imo, if anyone still wants to be a Yahoo customer after this awful disregard for customer security, that person needs to take a step back and re-exam how he/she views web security.

500 million Yahoo accounts, private information exposed.

Wow.

#14 | Posted by LampLighter at 2016-09-22 11:08 PM | Reply

Yahoo is quick to block access from users who make even an accidental innocent password mistake. Realistically all of these no commercial web sites are so vulnerable they do not deserve to get any real information from users, even their IP.

#15 | Posted by Robson at 2016-09-22 11:37 PM | Reply

I wonder if Verizon is reconsidering their purchasing of Yahoo.

#16 | Posted by MSgt at 2016-09-22 11:38 PM | Reply


@#15 ... Yahoo is quick to block access from users who make even an accidental innocent password mistake. ...

What frightens me about this breach is the 500 million user aspect of it.

With a single person and a single password, the likelihood of cracking an encrypted password is low, due to the protections you mention.

But when you have 500 million encrypted passwords at your disposal, the likelihood of cracking those passwords is increased due to the sheer number of encrypted passwords involved.

At that point, once the encryption algorithm is discovered, the passwords become open text.

#17 | Posted by LampLighter at 2016-09-22 11:45 PM | Reply

That's what the salt tinyurl.com is for, but 500 million is a lot to salt.

#18 | Posted by snoofy at 2016-09-22 11:53 PM | Reply


I do not click on tinyurl.com links (or any of those redirection links, for that matter). I have no idea whether or not those links will be malicious. Please post the full link.

This isn't twitter, you have more than 140 characters to work with. :)

#19 | Posted by LampLighter at 2016-09-23 12:02 AM | Reply

I can't post the link because this website won't parse it.

But I'll try.

en.wikipedia.org(cryptography)

#20 | Posted by snoofy at 2016-09-23 12:06 AM | Reply

en.wikipedia.org(cryptography)
might work better ?

#21 | Posted by snoofy at 2016-09-23 12:07 AM | Reply

There is a class action lawsuit getting underway against Yahoo for the negligence of the BOD in spite of known security concerns.

#22 | Posted by GOnoles92 at 2016-09-24 11:07 AM | Reply

Yeah, the birthdate thing is something you have to be aware of when you first sign up for a site. Most (all?) sites assign an immutable attribute to the birthdate.
#13 | Posted by LampLighter

It's because of COPPA. They are required to censor parts of their service to users under 13. Plus are the parts they are required to censor if you are under 18.

#23 | Posted by snoofy at 2016-09-24 03:18 PM | Reply

Comments are closed for this entry.

Home | Breaking News | Comments | User Blogs | Stats | Back Page | RSS Feed | RSS Spec | DMCA Compliance | Privacy | Copyright 2016 World Readable

Drudge Retort