Yahoo confirms major breach that could be the largest hack of all time
Yahoo revealed a massive data breach of its services on
Thursday. Yahoo "has confirmed that a copy of certain user
account information was stolen from the company's network in
late 2014 by what it believes is a state-sponsored actor," the
company posted on its investor relations page. The stolen
data include names, email addresses, telephone numbers,
birthdays, hashed passwords, and some "unencrypted security
questions and answers." Yahoo believes that "at least" 500
million user account credentials were stolen, which would make
it the biggest breach of all time, bigger than the MySpace
breach of 427 million user accounts.
- - -
Note the part about "unencrypted security questions and answers." The
continued use of security questions is a scourge on security, even for
people who (as I generally recommend) provide different fake answers
to those questions at different sites, rather than the real answers to
those common questions that could subvert their security later.
Care About Science and Tech? Our Job One: STOP TRUMP:
- - -
Lauren Weinstein (lau...@vortex.com): https://www.vortex.com/lauren
Lauren's Blog: https://lauren.vortex.com
Founder: Network Neutrality Squad: https://www.nnsquad.org
PRIVACY Forum: https://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: https://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
Tel: +1 (818) 225-2800
I have consulted to Google, but I am not currently
doing so -- my opinions expressed here are mine alone.
- - -
The correct term is "Internet" NOT "internet" -- please don't
fall into the trap of using the latter. It's just plain wrong!
nnsquad mailing list