Yahoo Hacked – 1.0B Accounts Exposed

Dude… The Fat Lady is SO singing over at Yahoo…


There are a few things that come to mind here:

  1. If I were Marissa Mayer, I would crawl under a rock and hide. Like… forever.
  2. If I were Verizon, I would run, not walk, so fast and so far away from the purchase of Yahoo, and I would NEVER look back (or second guess that decision).
  3. If I were a Yahoo user, I would set fire to my account and use the mail account that my ISP gave me. At this point a comcast.net mail account can’t be seen as a bad thing…

To be honest, this is beyond pathetic.

I’ve heard it mentioned that the security breach in question is the result of a separate, earlier attack that occurred in 2013, at least six to twelve months before the attack in 2014 that exposed 500 million accounts to hackers. I’ve heard that security analysts at Yahoo brought their concerns to the management team and the analysis was effectively ignored.

In a statement, Yahoo said they weren’t able to identify the intrusion associated with the breach. Hackers may have stolen names, email addresses, telephone numbers, MD5-hashed passwords, dates of birth, and in some cases, both encrypted and unencrypted security questions and answers.

The company has further admitted that hackers may have accessed all of this information due to a theft of source code, enabling them to manufacture a way in without requiring a password. Apparently, they were able to forge a cookie that allowed them to retrieve credentials that were stored locally. While Yahoo has invalidated the security questions and their answers as well as the forged cookies, the damage has already been done.

The thing that really irks me the most here is that this was a bigger breach than the one that was reported in 2014, AND it occurred BEFORE the breach that got so much publicity. This hack is twice as big and, in my opinion, twice as damning. Verizon was already “evaluating” its purchase of Yahoo. If I were them, I’d evaluate myself right out of the deal. The assets aren’t worth the risk.

Yahoo has been severely criticized by six different US senators for taking two years to publicize the September 2014 breach that lost them 500,000 accounts. This latest breach occurred a full year or so before that, and it’s being revealed AFTER the 2014 breach.

At this point, Yahoo knows basically NOTHING. They have no idea who may have perpetrated the attack, which nation may have sponsored the hackers, or the full extent of the information that has been compromised. As a result, Yahoo’s stock took a 2.5% hit in after-hours trading on 2016-12-14. At this point, I can see the value of the stock dropping more as Verizon “evaluates” their purchase plans.

As I said, Yahoo is over. Marissa Mayer is done as a CEO, despite the amount of promise she showed during the early part of her tenure with the company. Verizon should do themselves a favor and target other web content and properties. I think their money would be better spent on assets that weren’t compromised.

If I were a Yahoo user, I’d shut my account down, get a secure password manager, and change passwords and security question answers on all my financial accounts… and that’s just for starters. Yahoo has been around since the early 1990s. A lot of users have a great deal invested in them, and all of that metadata may be compromised at this point. Better safe than sorry for ALL involved (including investors, Yahoo management and Verizon, as well as users)…

Are you a Yahoo user? Are you still using your Yahoo account? Are you concerned about this breach? What, if anything, have you done to protect yourself and your account information? Why don’t you meet me in the Discussion area below and give me your thoughts on the breach and on Yahoo itself as well as what you’re doing to make yourself safe.
