Updated: Yahoo may soon confirm massive data breach

Update: Yahoo has confirmed the data breach, and says the leaked information pertains to 500 million accounts and dates back to 2014. The leaked data "may have included names, email addresses, telephone numbers, dates of birth, hashed passwords […] and, in some cases, encrypted or unencrypted security questions and answers." The company will be notifying affected users. We urge anyone with a Yahoo account to change their password immediately. The original story follows below:

Technology news website Recode reports former web search leader Yahoo may imminently acknowledge a massive data breach. The site claims that "several hundred million" user accounts may have been compromised.

Rumors of a breach began circulating back in August when a black hat hacker going by the name "Peace" claimed to have data pertaining to 200 million breached accounts for sale. At that time, a Yahoo spokesperson admitted the company was investigating the claim.

Recode's sources did not provide specific information on the timing or the extent of the breach. According to the site, Peace claimed the data for sale was of 2012 vintage. The black hat claimed the data includes user names, MD5-hashed passwords, birth dates, and email addresses. Peace did not state whether Flickr and Tumblr accounts, which use Yahoo logins, are likewise affected.

Yahoo reached an agreement to sell itself to Verizon for $4.8 billion on July 25 (excluding Yahoo's 15% stake in Chinese e-commerce giant Alibaba). ETF Daily News suggests that "that deal could now be in jeopardy, at least from a price perspective, as Verizon is sure to investigate the issue and possibly ask for a lower price."

Regardless of the age of the data contained within the alleged breach, we suggest that users with Yahoo accounts change their login credentials as soon as possible.

Comments closed
    • kamikaziechameleon
    • 5 years ago

    Yahoo really sat on their hands with this one, hoping to get through the deal. I can’t blame them except we know they did and so will Verizon. It’s likely going to be a PR nightmare and hurt that deal a good amount.

    Yahoo has done a good job of turning itself around and offering high end services no one else in the internet was offering till the last couple months. Flickr specifically is exceptional if you’re a photography person, it had been the best free option out there, and still is though the paid option side of things is heating up.

    • Klimax
    • 5 years ago

    That might be the second breach that might affect me. (Previous one was Adobe…)

    • daniel123456
    • 5 years ago

    Does anybody know where the hackers are selling the info?
    Haven’t used the yahoo account for years and need to recover my password and security questions’ answers.

      • VinnyC
      • 5 years ago

      Just type in your credit card number here. Don’t worry, it’s encrypted see? ****-****-****-****

    • Kougar
    • 5 years ago

    What a bunch of yahoos

      • Neutronbeam
      • 5 years ago

      Yahooligans!

    • Peldor
    • 5 years ago

    Maybe those yahoos should send everyone $12 for a lastpass sub. Sure it’s more than the value of Yahoo but it’s the right thing to do.

    • derFunkenstein
    • 5 years ago

    The only thing I get interesting in my Yahoo email is someone else’s Discover bill. For many moons, apparently, someone had been using my Yahoo email address while all I used it for was fantasy sports leagues here on TR.

    One day I logged into the account and found all kinds of stuff, including an Instagram account (which I promptly changed the password on, poor dumbass), Facebook notifications (which I also changed the password for), and emails from Discover with some guy’s statement (which I have not touched, because even though he’s an idiot I don’t want to get in legal trouble). For a while I amused myself by redacting those emails and putting them on Tumblr (http://someguysdiscoverbill.tumblr.com/) but that got old fairly quickly. After that, I turned on 2FA and now I get reset codes every so often, but dammit, that's my account that I registered in 1996.

      • Convert
      • 5 years ago

      Me too! Why though? A few of my gmail accounts have the same thing. They have someone else’s Instagram and facebook accounts associated with them. The accounts seem legitimate, so why are they using my email when they can’t access it?

      It doesn’t make any sense, why not just create a free email address yourself and sign up the account. I thought maybe it was just a case of mistyping a similar address but it’s happened with too many of the accounts and they are always either IG or FB.

        • FuturePastNow
        • 5 years ago

        Me too. My “real name” Gmail account gets all kinds of stuff for other people, and the accounts all seem to be legitimately real people. And it’s not people using my address as a throwaway, it’s lots of school/university stuff and once even a Netflix account (I deleted their credit card info and changed their password).

      • Dizzytaz00
      • 5 years ago

      With the Discover card, I would be checking my credit reports for identity fraud.

        • derFunkenstein
        • 5 years ago

        I did that first thing when I saw it but it’s not me. My real name and info isn’t even on the yahoo account. The card isn’t in my name either. So now he’s just some dumbass.

    • NeelyCam
    • 5 years ago

    Found this from the “Security Notice” that Yahoo sends to affected users:

    "A copy of certain user account information was stolen from our systems in late 2014 by what we believe is a state-sponsored actor. We are closely coordinating with law enforcement on this matter and working diligently to protect you."

    Interesting.

      • Neutronbeam
      • 5 years ago

      Well, clearly Yahoo was already in a state of denial.

      • chuckula
      • 5 years ago

      New Over-used Buzzword to expect anyone and everyone to use: “State sponsored actor”

      Reason: OMG! IT’S NOT OUR FAULT THAT OUR SECURITY POLICIES MAKE SWISS CHEESE LOOK AIRTIGHT! THE RUSSKIES DID IT!

        • derFunkenstein
        • 5 years ago

        "RUSSKIES" ...Dad?

          • chuckula
          • 5 years ago

          What, haven’t you heard?
          Beating on the Russkies is the old-new-again hotness ever since “they” hacked Hillary’s emails.

            • derFunkenstein
            • 5 years ago

            No, but man, that epithet really brings back memories. Back when the only state-sponsored actor was President Reagan and my dad ranted on about how he was going to drop The Big One on us.

    • homerdog
    • 5 years ago

    Whenever I register on questionable sites my Yahoo account is very useful. As a result the inbox puts /b/ to shame.

      • CheetoPet
      • 5 years ago

      Yep. And their spam filter ain’t all that swell either.

    • NeelyCam
    • 5 years ago

    By the way, maybe you could update the article title from “Updated: Yahoo may soon confirm massive data breach” to “Updated: Yahoo has confirmed a massive data breach” or something to that effect

      • I.S.T.
      • 5 years ago

      Definitely should do this, TR.

    • NeelyCam
    • 5 years ago

    "The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers."

    This is brutal. Lots of websites force you to pick security questions from a list of options. As a result, at least in my case, I tend to use the same security questions on multiple sites. Having those out there means passwords can be bypassed on multiple sites.

      • chuckula
      • 5 years ago

      Security questions are the #1 worst thing I can’t stand about password management on most sites.

        • Waco
        • 5 years ago

        Yup. I have a bank of false answers for them, but given that there are only so many questions asked…it wouldn’t take much to cross-reference multiple site leaks and bypass the whole point of the system in the first place.

          • meerkt
          • 5 years ago

          I don’t get the problem. My favorite superhero on Yahoo is lk3j42L#KJeDFI@%LKJWERmsdnfM<ndmf,M.r,m.

            • LocalCitizen
            • 5 years ago

            well, you just got that problem now

            • alloyD
            • 5 years ago

            Funny… that’s my mother’s maiden name!

      • Pholostan
      • 5 years ago

      You need to treat security questions the same as passwords, aka unique random strings for every website.

    • chuckula
    • 5 years ago

    Marissa Mayer hired a spokesman to deliver a serious statement regarding her reaction to this event (https://www.youtube.com/watch?v=kMFJBd40Awo).

    • chµck
    • 5 years ago

    So, what does everyone here use as their email solution?

      • Neutronbeam
      • 5 years ago

      The telephone.

      • CScottG
      • 5 years ago

      For the most part Gmail.. but for more specific solutions like your bank, credit card co., etc. – use a different secure email provider (one for each use-case).

      ex.

      https://protonmail.com/

      • sweatshopking
      • 5 years ago

      Gmail, though not as an active account I still give out, and for most emails I use outlook.com

      • trackerben
      • 5 years ago

      There aren’t many left of the free & reliable all-in platforms – I trust outlook, gmail, icloud. These have been secure so far, especially icloud. I may have to update one of my prepped accounts on niche platforms like protonmail.

      edit: trust insofar as I rely on them to do what they’re good at and within policy

      • moog
      • 5 years ago

      outlook.com

      • nerdrage
      • 5 years ago

      Gmail with 2 factor authentication.

      • synthtel2
      • 5 years ago

      Fastmail. It’s not free, but I find it more than good enough to make up for that.

    • kvndoom
    • 5 years ago

    Great. “Password1” it is then.

      • tipoo
      • 5 years ago

      https://www.youtube.com/watch?v=a6iW-8xPw3k

        • Waco
        • 5 years ago

        I was about to post this and you totally beat me to it. 🙁

        • jihadjoe
        • 5 years ago

        That’s what you end up with when you give password expiration policies to a bunch of employees.
