Yahoo Hacked Again… Time to Run Away From Yahoo

By | December 14, 2016
Print pagePDF page

Yahoo Hacked Again… Time to Run Away From Yahoo

Two days ago we wrote an article advising all Yahoo users to close their accounts due to Yahoo’s lack of security and apparent inability to deal with it. Just when we thought it could not get any worse with Yahoo … it just got worse. This time, Yahoo admits that it had more than one billion accounts stolen.

The following article appeared today ( 14 December 2016) on ZDNet:

Yahoo hacked again, more than one billion accounts stolen

(Image: file photo)

Yahoo has disclosed that more than one billion accounts may have been stolen from the company’s systems in another cyberattack.

The company said in a statement Wednesday after the markets closed that unnamed attackers stole the accounts in August 2013, a little over a year prior to a previously disclosed attack in September, in which attackers stole around 500 million accounts in 2014.

But the company said it wasn’t able to identify the intrusion associated with August breach.

The statement said that the hackers may have stolen names, email addresses, telephone numbers, hashed passwords (using the weak, easy to crack MD5 algorithm) dates of birth, and in some cases encrypted or unencrypted security questions and answers.

Yahoo said it has invalidated unencrypted security questions and answers so that they cannot be used to access affected accounts.

But payment card data and bank account information, stored in separate systems, are not thought to have been stolen in the attack.

Source code stolen

The company also admitted that hackers may have developed a way of accessing accounts without a password by stealing Yahoo’s secret source code.

“Based on the ongoing investigation, the company believes an unauthorized third party accessed the company’s proprietary code to learn how to forge cookies,” which can be used to store authentication credentials locally.

“The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used,” said the statement.

Yahoo has also invalidated the cookies.

Reporting delay ‘unacceptable’

It’s the latest security blow against the former internet giant, which earlier this year said it had been attacked by “state-sponsored” hackers — just as it was being bought by Verizon for $4.8 billion.

But Yahoo still hasn’t said who behind the attack, or which state may have sponsored the hackers.

Verizon reiterated its statement on Wednesday, saying the company “will evaluate” the purchase as Yahoo continues its investigation…

You can read the entire article on ZDNet …

 

10 thoughts on “Yahoo Hacked Again… Time to Run Away From Yahoo

  1. Dawn Campbell

    Is this why there is such a sudden influx of friend requests on FB that are obviously hacked?

    Reply
  2. Bob Brooks

    Please give us senior citizens an easy to understand tutorial on how to use Gmail. It was quite confusing to understand compared to Yahoo mail. I’m ready to learn but need easy to understand instructions.

    Reply
  3. Gay Carefoot

    Is this worldwide? or is just for Yahoo customers in the USA? I am still using Yahoo, for the simple reason is that when I travel to other countries or the carribbean, I am able to have access to my financial accounts plus other bill paying accounts because Yahoo is worldwide known, other email accounts are not as well known and therefore do not know if there are other more well known secure email sites to use.

    My mum had gmail, and I had a very hard time understanding this email, but that was 4 years ago, I do not know if there has been changes made to this. Another well known one that I know of is hotmail. Is this too under bad vibes?

    Reply
  4. Marie Habbick

    Still frantic as AT&T uses Yahoo for my email! It is forwarded to my Outlook program but still! Yikes.

    Reply
  5. Bev

    I would love to cancel my Yahoo account but can’t get in to do so. No matter if I use my User ID or my E-mail or home phone as sign in. Says Invalid so I try the Recover Password and it won’t recognize my e-mail. Tried in all 3 browsers and still can’t get in.

    Reply
  6. Jennifer Akridge

    I have tried numerous times to terminate my account following their instructions to no avail. Is there another sure fire way to do it?

    Reply
  7. Bev

    Thank you so very much TC. Merry Christmas and Happiest New Year. You went beyond for the Yahoo reply.

    Reply
  8. Bev

    Thank you so very much TC. Merry Christmas and Happiest New Year. You went beyond for the Yahoo reply.

    Reply
  9. Mary

    My question is, If this happened in 2013, then the Hackers have already had access to the accounts since then, so what’s the point in deleting the email accounts now. Isn’t the damage already done?

    Reply
    1. infoave Post author

      It’s been happening. It happened in 2012 and 2013 and we’re all just finding out about it now. Do you have a reason to believe that Yahoo has suddenly fixed all the problems, and 3 years from now, we’re not going to hear that 1 billion Yahoo accounts were hacked in 2016? What has Yahoo done to earn your trust. Yahoo seems to have a 3 year time delay between when they become aware of a problem and when they admit it. Do you really want to trust a company like that?

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *