Yahoo discloses hack of 1 billion accounts
The company disclosed today that it has discovered a breach of more than one billion user accounts that occurred in August 2013. The breach is believed to be separate and distinct from the theft of data from 500 million accounts that Yahoo reported this September.
Troublingly, Yahoo’s chief information security officer Bob Lord says that the company hasn’t been able to determine how the data from the one billion accounts was stolen. “We have not been able to identify the intrusion associated with this theft,” Lord wrote in a post announcing the hack.
“The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,” Lord added.
Yahoo was alerted to the massive breach by law enforcement and has examined the data with the help of outside forensic experts. The data does not appear to include payment details or plaintext passwords, but it’s still bad news for Yahoo account holders. The hashing algorithm MD5 is no longer considered secure and MD5 hashes can easily be looked up online to discover the passwords they hide.
Yahoo says it is notifying the account holders affected in the breach. Affected users will be required to change their passwords.
Yahoo also announced today that its proprietary code had been accessed by a hacker, who used the code to forge cookies that could be used to access accounts without a password. “The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies,” Lord said, adding that he believed the attack was launched by a state-sponsored actor.
I suppose its too late to disallow cookies ...
Lol, yeah no kidding.
That's why I'm ''old school'' with most of my information...Nothing wrong with Smoke Signals...Lets see a hacker, hack those.
No worries... we get hacking reports and there have been none. Just an FYI
Dear Friend Larry Hampton: A service which monitors my email, which is yahoo. advised that it was part of the hack.
Immediately I changed my user name and password.
I do that monthly anyway.
Not everything that is good is new, and not all that is new is good.
We are too dependent on computer technology for our own good, I fear.
My preference is not to get too far from nature.
Great article Larry.
Thanks.
Enoch.
"My preference is to not to get too far from nature"
A credo I try to follow daily, a road map for sanity, a pathway to a higher power. Thanks for the reminder Enoch.
And a plus in the whole scheme of things, is trying to decipher all those smoke signals coming from 2000 miles to the east of me.