Yahoo confirms major breach that could be the largest hack of all time http://www.businessinsider.com/yahoo-hack-by-state-sponsored-actor-biggest-of-all-time-2016-9?op=1
Yahoo revealed a massive data breach of its services on Thursday. Yahoo "has confirmed that a copy of certain user account information was stolen from the company's network in late 2014 by what it believes is a state-sponsored actor," the company posted on its investor relations page. The stolen data include names, email addresses, telephone numbers, birthdays, hashed passwords, and some "unencrypted security questions and answers." Yahoo believes that "at least" 500 million user account credentials were stolen, which would make it the biggest breach of all time, bigger than the MySpace breach of 427 million user accounts. - - - Note the part about "unencrypted security questions and answers." The continued use of security questions is a scourge on security, even for people who (as I generally recommend) provide different fake answers to those questions at different sites, rather than the real answers to those common questions that could subvert their security later. --Lauren-- Care About Science and Tech? Our Job One: STOP TRUMP: https://vortex.com/stop-trump - - - Lauren Weinstein (lau...@vortex.com): https://www.vortex.com/lauren Lauren's Blog: https://lauren.vortex.com Founder: Network Neutrality Squad: https://www.nnsquad.org PRIVACY Forum: https://www.vortex.com/privacy-info Co-Founder: People For Internet Responsibility: https://www.pfir.org/pfir-info Member: ACM Committee on Computers and Public Policy Google+: https://google.com/+LaurenWeinstein Twitter: https://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 I have consulted to Google, but I am not currently doing so -- my opinions expressed here are mine alone. - - - The correct term is "Internet" NOT "internet" -- please don't fall into the trap of using the latter. It's just plain wrong! _______________________________________________ pfir mailing list https://lists.pfir.org/mailman/listinfo/pfir