Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yahoo is expected to confirm massive data breach - hundreds of millions of users


  • Please log in to reply
27 replies to this topic

#1 JohnC_21

JohnC_21

  • Members
  • 24,311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 PM

Posted 22 September 2016 - 07:23 AM

 hacker named “Peace” is bringing chaos to the Internet giant just as its sale to Verizon is pending.

 Yahoo is poised to confirm a massive data breach of its service, according to several sources close to the situation, hacking that has exposed several hundred million user accounts.

While sources were unspecific about the extent of the incursion, since there is the likelihood of government investigations and legal action related to the breach, they noted that it is widespread and serious.

Earlier this summer, Yahoo said it was investigating a data breach in which hackers claimed to have access to 200 million user accounts and was selling them online. “It’s as bad as that,” said one source. “Worse, really.”

 

Article

 

Just to clarify, as the article states, this was detected and known this year. This a confirmation from Yahoo.


Edited by JohnC_21, 22 September 2016 - 07:31 AM.


BC AdBot (Login to Remove)

 


#2 Trikein

Trikein

  • Members
  • 1,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rhode Island, US
  • Local time:04:16 PM

Posted 22 September 2016 - 07:47 AM

I thought Yahoo died out around the time of Sega Saturn. Didn't even knew people still used them for email.



#3 JohnC_21

JohnC_21
  • Topic Starter

  • Members
  • 24,311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 PM

Posted 22 September 2016 - 07:54 AM

I thought Yahoo died out around the time of Sega Saturn. Didn't even knew people still used them for email.

I bailed on yahoo this year. It was a big pain because I had to go through I don't know how many accounts to change my email from yahoo. Yahoo videos inside email was the last straw.

 

ComputerWorld

 

It’s also noteworthy that the breach started as a rumor, that a hacker named Peace was offering the usernames and passwords on the dark web. What’s significant now is that, if Yahoo does confirm the security breach, it opens up new questions about Yahoo security practices, their technical prowess, and even the ability of CEO Marissa Mayer to lead through a crisis.

The timing could not be worse. Mayer is already a high-profile figure who has made several high-profile mistakes, namely (in my opinion) in failing to generate any buzz about new innovations. Yahoo is still a banner-happy, advertising hungry engine quivering in the Google shadow. While Google is creating autonomous car tech and making indispensable apps for the Android OS they invented, Yahoo has stayed content with the same basic services, rarely creating any “must download” apps and relying only on past accomplishments and acquisitions.

 


Edited by JohnC_21, 22 September 2016 - 10:23 AM.


#4 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:05:16 PM

Posted 22 September 2016 - 10:31 AM

I thought Yahoo died out around the time of Sega Saturn. Didn't even knew people still used them for email.

I don't use Yahoo for email but I do use it for fantasy football every year though. This breach could explain why a couple weeks ago I got an email saying my password was changed...


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#5 Gorbulan

Gorbulan

  • Members
  • 832 posts
  • OFFLINE
  •  
  • Local time:01:16 PM

Posted 22 September 2016 - 11:07 AM

 

I thought Yahoo died out around the time of Sega Saturn. Didn't even knew people still used them for email.

I bailed on yahoo this year. It was a big pain because I had to go through I don't know how many accounts to change my email from yahoo. Yahoo videos inside email was the last straw.

 

Videos inside emails? Like ads?!??!?!

 

 

I thought Yahoo died out around the time of Sega Saturn. Didn't even knew people still used them for email.

 

My roommate still uses them. She always has. And yes, she is somebody's grandma. Only people I know using Yahoo are people's parents. 



#6 JohnC_21

JohnC_21
  • Topic Starter

  • Members
  • 24,311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 PM

Posted 22 September 2016 - 11:30 AM

 

 

I thought Yahoo died out around the time of Sega Saturn. Didn't even knew people still used them for email.

I bailed on yahoo this year. It was a big pain because I had to go through I don't know how many accounts to change my email from yahoo. Yahoo videos inside email was the last straw.

 

Videos inside emails? Like ads?!??!?!

 

 

I thought Yahoo died out around the time of Sega Saturn. Didn't even knew people still used them for email.

 

My roommate still uses them. She always has. And yes, she is somebody's grandma. Only people I know using Yahoo are people's parents. 

 

Yes, if your inbox is empty and you don't have an adblocker yahoo will give you videos. Pathetic.

 

https://www.h3xed.com/web-and-internet/how-to-remove-yahoo-empty-inbox-folder-video-ads



#7 Trikein

Trikein

  • Members
  • 1,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rhode Island, US
  • Local time:04:16 PM

Posted 22 September 2016 - 12:20 PM

 

I thought Yahoo died out around the time of Sega Saturn. Didn't even knew people still used them for email.

I bailed on yahoo this year. It was a big pain because I had to go through I don't know how many accounts to change my email from yahoo. Yahoo videos inside email was the last straw.

 

 

Been there, done that. I had a similar trouble with Gmail. Not using the email address was easy but losing Google Voice, Youtube, Google Documents, Bookmarks/passwords inside Chrome and all the sub accounts I had attached to it was a PIA. Still haven't figured out what to do.  Big brother is bad enough, at-least Google has decent security.



#8 JohnC_21

JohnC_21
  • Topic Starter

  • Members
  • 24,311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 PM

Posted 22 September 2016 - 01:19 PM

Personally, after this announcement  I wouldn't touch Yahoo mail, or any Yahoo service for that matter, with a 10 foot pole.

 

http://www.cbsnews.com/news/consumer-group-yahoo-users-shouldnt-be-reading-reports-of-massive-breach/

 

“Consumers should be not be reading in the news something Yahoo hasn’t told them,” said Susan Grant, director of consumer protection and privacy at the Consumer Federation of America. “They should be hearing this from Yahoo, not only that we had this problem -- but also about what to do.”

 

 

 



#9 JohnC_21

JohnC_21
  • Topic Starter

  • Members
  • 24,311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 PM

Posted 22 September 2016 - 02:05 PM

Number of accounts has grown to over 500 million.

The data stolen may have included names, email addresses, telephone numbers, dates of birth and hashed passwords but may not have included unprotected passwords, payment card data or bank account information, the company said.

"The investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network," the company said.

 

Article


Edited by JohnC_21, 22 September 2016 - 02:05 PM.


#10 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:07:16 AM

Posted 22 September 2016 - 06:48 PM

I used to dabble in yahoo a long time ago, i managed to find a way where i could login to any email account with out a password.

I wont go into specifics but i gave this info to only one person who was a hacker and a good one at that.

 

He then used it to access some of the biggest names in America, RE Politicians and musicians.

Never used yahoo for anything serious and never used it since i found this method, all you had to do was change a key factor in the URL.



#11 JohnC_21

JohnC_21
  • Topic Starter

  • Members
  • 24,311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 PM

Posted 22 September 2016 - 08:23 PM

It turns out Yahoo knew about the breach for a couple of months but Verizon, who intends to purchase Yahoo, only found out two days ago. Great communication Yahoo. You will not be missed.



#12 Trikein

Trikein

  • Members
  • 1,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rhode Island, US
  • Local time:04:16 PM

Posted 22 September 2016 - 08:24 PM

I used a similar method to get into specific video streaming sites.  :blush: It is amazing how insecure the internet in general is. 

 

Also, any possibility this could have been a inside job to give Verizon a better seat at the negotiation table? Release some zero day vulnerabilities to 3rd parties, let the script kiddies do their thing, then come in and pick up the pieces. Except Yahoo swept it under the rug. Bravo.


Edited by Trikein, 22 September 2016 - 08:27 PM.


#13 pcpunk

pcpunk

  • Members
  • 6,008 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:16 PM

Posted 23 September 2016 - 09:23 AM

Also, any possibility this could have been a inside job to give Verizon a better seat at the negotiation table? Release some zero day vulnerabilities to 3rd parties, let the script kiddies do their thing, then come in and pick up the pieces. Except Yahoo swept it under the rug. Bravo.

Good point!  I like conspiracies.


sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#14 pcpunk

pcpunk

  • Members
  • 6,008 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:16 PM

Posted 23 September 2016 - 09:25 AM

What puzzled me a little was the term they are using "state-sponsored actor" in some of their Warnings.

https://help.yahoo.com/kb/account/SLN27925.html?impressions=true

 

They also say this:

"You can change your Yahoo password or security questions and answers by clicking here."

 

But I don't see any way to change the "Security Questions" I changed my Password.

 

Guess I'll need to start a Thread, or can I get answers here?


Edited by pcpunk, 23 September 2016 - 09:50 AM.

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#15 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:05:16 PM

Posted 23 September 2016 - 10:30 AM

Also, any possibility this could have been a inside job to give Verizon a better seat at the negotiation table? Release some zero day vulnerabilities to 3rd parties, let the script kiddies do their thing, then come in and pick up the pieces. Except Yahoo swept it under the rug. Bravo.

I doubt it. Most hacks would have started almost a year before they even realized it, especially if they were able to gather that much info. So I'd say there isn't much possibility of a conspiracy going on here. Lol


OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users