SoylentNews is people
SoylentNews
Reuters via Yahoo News reports on an announcement by Yahoo! that an attacker "may have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords" for 500 million accounts in 2014. According to the announcement, the FBI is looking into the matter and that "The investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network".
Yahoo Inc said on Thursday that at least 500 million of its accounts were hacked in 2014 by what it believed was a state-sponsored actor, a theft that appeared to be the world's biggest known cyber breach by far. Cyber thieves may have stolen names, email addresses, telephone numbers, dates of birth and encrypted passwords, the company said. But unprotected passwords, payment card data and bank account information did not appear to have been compromised, signalling that some of the most valuable user data was not taken. The attack on Yahoo was unprecedented in size, more than triple other large attacks on sites such as eBay Inc , and it comes to light at a difficult time for Yahoo. Chief Executive Officer Marissa Mayer is under pressure to shore up the flagging fortunes of the site founded in 1994, and the company in July agreed to a $4.83 billion cash sale of its internet business to Verizon Communications Inc . "This is the biggest data breach ever," said well-known cryptologist Bruce Schneier, adding that the impact on Yahoo and its users remained unclear because many questions remain, including the identity of the state-sponsored hackers behind it. On its website on Thursday, Yahoo encouraged users to change their passwords but did not require it.
Also covered at:
Ars Technica
Computerworld
cnet
phuys.org
(Score: 0) by Anonymous Coward on Friday September 23 2016, @03:23PM
Time to find my 25+ Yahoo email accounts and update the passwords.
If this happens to Gmail I'm dead.
(Score: 0) by Anonymous Coward on Friday September 23 2016, @04:16PM
What do you do with all those accounts?
Just curious...
(Score: 0) by Anonymous Coward on Friday September 23 2016, @04:24PM
Separate account for each online identity, or one account for a small cluster of related site signups under a single identity.
(Score: 0) by Anonymous Coward on Friday September 23 2016, @05:35PM
Do you use the same phone number to get them all?
If not, how do you get accounts when a phone number is required?
(Score: 0) by Anonymous Coward on Friday September 23 2016, @06:20PM
I created a lot of accounts before phone number requirements became widespread. More recently, Gmail tries to look like it requires a phone number, but only really does it when you slip up and log on using a different IP or do something else "suspicious". Then you are locked out forever unless you give a phone number. Dozens of angry messages to "support" did nothing.
Now I say fuck it and just go to https://www.openmailbox.org/ [openmailbox.org] which is great so far.
(Score: 0) by Anonymous Coward on Friday September 23 2016, @07:58PM
Nice. Thanks!
(Score: 2) by Scruffy Beard 2 on Saturday September 24 2016, @02:45AM
I love my catch-all e-mail address on my own domain.
companyname@domain.ca
That way, you can find out when a site get hacked before it even hits the news (looking at you, dropbox).