Mark Minasi's Tech Forum
Register Calendar Latest Topics
 
 
 


Reply
  Author   Comment   Page 1 of 2      1   2   Next
DennisMCSE

Senior Member
Registered:
Posts: 155
Reply with quote  #1 
Seems the hack took place in 2014, and the email addresses have been up for sale on the Dark Web up until now.

http://www.theglobeandmail.com/technology/yahoo-set-to-confirm-massive-data-breach-recode/article31997906/

0
cspanburgh

Avatar / Picture

Senior Member
Registered:
Posts: 219
Reply with quote  #2 
Yikes!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I don't have an account.   They never had my confidence.

Wow!!!!

__________________
Curt Spanburgh
0
jsclmedave

Administrator
Registered:
Posts: 446
Reply with quote  #3 
Quote:
Originally Posted by DennisMCSE
Seems the hack took place in 2014, and the email addresses have been up for sale on the Dark Web up until now.

http://www.theglobeandmail.com/technology/yahoo-set-to-confirm-massive-data-breach-recode/article31997906/



At least they waited 2 years to announce it...

__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
DennisMCSE

Senior Member
Registered:
Posts: 155
Reply with quote  #4 
Tim, that's the thing. Did they know about it for 2 years and just letting people know now, or did they just find out about it now because the email addresses are up for sale. Also, will be interesting to see if this affects the Verizon buyout or not.
0
donoli

Senior Member
Registered:
Posts: 530
Reply with quote  #5 
CSPAN, I'm with you. I never had any faith in Yahoo. 

At one time, a user could open an email account without providing his or her personal info.  These days, personal info is demanded to open an account.
0
DennisMCSE

Senior Member
Registered:
Posts: 155
Reply with quote  #6 
Quote:
Originally Posted by donoli
CSPAN, I'm with you. I never had any faith in Yahoo. 

At one time, a user could open an email account without providing his or her personal info.  These days, personal info is demanded to open an account.


And in the old days, there was no dual factor authentication or any security on email accounts. By providing things like your phone number when creating an account, you can get a text message to allow the login if it's from a device that you don't normally log in from. So in my opinion, I'd rather have the added security than having no clue when or by who my account was hacked.

The fact that I haven't received any text messages from Yahoo about my account being accessed from a device that isn't mine, gives me some peace of mind that I changed my password before my account was accessed. Can't say that for any of the email accounts where I don't have dual factor authentication set up. Those accounts could have been hacked and abused and I'd have no clue.

So there is a reason for personal information being requested when creating new accounts (similar to this forum that asks that your firstname and lastname be added to your account). The information also proves that you are a real individual instead of a spambot or an account that would be used for trolling on websites. Requesting the Date of Birth for the new account also proves that you are old enough to legally agree to the Terms and Conditions of the website (I believe you have to be a certain minimum age to agree to most contracts).

0
jsclmedave

Administrator
Registered:
Posts: 446
Reply with quote  #7 
Quote:
Originally Posted by DennisMCSE
Tim, that's the thing. Did they know about it for 2 years and just letting people know now, or did they just find out about it now because the email addresses are up for sale. Also, will be interesting to see if this affects the Verizon buyout or not.


"So how long after Yahoo learned of the hack did it warn consumers? We don’t know for sure. The company acknowledged in early August that it was looking into reports of Yahoo accounts for sale on the Internet. But the hack itself occurred in late 2014, so it’s also possible the company has known about the breach for much longer and just covered it up."

http://fortune.com/2016/09/23/yahoo-hack-legal/

They are not divulging which makes me think "someone" warned them early but they were told to be quiet...  Imagine if you were  person who was crying out but was made to be quiet or ignored...

My common sense is tingling on this one.   There will be more to come and it will not be good for Yahoo...

__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
DennisMCSE

Senior Member
Registered:
Posts: 155
Reply with quote  #8 
Tim, was reading another article about how Marissa Mayer is expected to make $44 million dollars after the Verizon deal settles and she leaves the company. The other executives stand to make millions as well. If the deal falls through, kind of think that money doesn't get paid out. So wonder who would want to keep that information about a data breach quiet? Things that make you want to go "Hmmmmm..." [wink]

0
donoli

Senior Member
Registered:
Posts: 530
Reply with quote  #9 
Quote:
So in my opinion, I'd rather have the added security than having no clue when or by who my account was hacked.


Their added client side security had a reverse effect since their server side security failed.
0
wobble_wobble

Avatar / Picture

Associate Troublemaker Apprentice
Registered:
Posts: 832
Reply with quote  #10 
I have a Yahoo account.

I use it for all the basic rubbish i want to view but not allow my address get sold on.

Can't saw I've noticed its hacked it gets that much spam [biggrin]

__________________
Have you tried turning it off and walking away? The next person can fix it!

New to the forum? Read this
0
DennisMCSE

Senior Member
Registered:
Posts: 155
Reply with quote  #11 
Quote:
Originally Posted by wobble_wobble
I have a Yahoo account.

I use it for all the basic rubbish i want to view but not allow my address get sold on.

Can't saw I've noticed its hacked it gets that much spam [biggrin]


Joe, there is a website you can go to to see if your email accounts have been hacked and which website it was hacked on (the Yahoo hack isn't on there yet). It was created by Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security. You type in your email address and it will tell you if it was hacked and on which website.  He's amassed a list from 144 hacked websites now. When you search with your email address, it compares it to all the hacked website lists and tells you which website your email address was hacked on.

https://haveibeenpwned.com/


0
jsclmedave

Administrator
Registered:
Posts: 446
Reply with quote  #12 
Quote:
Originally Posted by DennisMCSE


Joe, there is a website you can go to to see if your email accounts have been hacked and which website it was hacked on (the Yahoo hack isn't on there yet). It was created by Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security. You type in your email address and it will tell you if it was hacked and on which website.  He's amassed a list from 144 hacked websites now. When you search with your email address, it compares it to all the hacked website lists and tells you which website your email address was hacked on.

https://haveibeenpwned.com/




YEP!  https://haveibeenpwned.com/  is where I found out my FB account was pooched via FORBES magazine.

You can also follow (highly recommend doing so if you use Twitter) Troy at  @troyhunt

__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
Wobble_Wibble

Avatar / Picture

New Friend (or an Old Friend who Built a New Account)
Registered:
Posts: 45
Reply with quote  #13 
Quote:
Originally Posted by DennisMCSE


Joe, there is a website you can go to to see if your email accounts have been hacked and which website it was hacked on (the Yahoo hack isn't on there yet). It was created by Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security. You type in your email address and it will tell you if it was hacked and on which website.  He's amassed a list from 144 hacked websites now. When you search with your email address, it compares it to all the hacked website lists and tells you which website your email address was hacked on.

https://haveibeenpwned.com/




Considering I get about 300 spam a day to the account it's hard to not think it's been hacked.

__________________
Press any key....
Yes, any key....
OK, try the space bar.
0
jsclmedave

Administrator
Registered:
Posts: 446
Reply with quote  #14 
Ahem,,,


Yahoo could have reset all user passwords two years ago, but chose not to

Yahoo insiders say that protecting against hackers took a back seat.
https://www.grahamcluley.com/yahoo-reset-user-passwords-years-ago-chose/



__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
donoli

Senior Member
Registered:
Posts: 530
Reply with quote  #15 
Quote:
Yahoo insiders say that protecting against hackers took a back seat.


Are you surprised?  I'm not.
0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.