[ PFIR ] Yahoo confirms major breach that could be the largest hack of all time

Thu, 22 Sep 2016 12:10:08 -0700 

Yahoo confirms major breach that could be the largest hack of all time

http://www.businessinsider.com/yahoo-hack-by-state-sponsored-actor-biggest-of-all-time-2016-9?op=1

        Yahoo revealed a massive data breach of its services on
        Thursday.  Yahoo "has confirmed that a copy of certain user
        account information was stolen from the company's network in
        late 2014 by what it believes is a state-sponsored actor," the
        company posted on its investor relations page.  The stolen
        data include names, email addresses, telephone numbers,
        birthdays, hashed passwords, and some "unencrypted security
        questions and answers."  Yahoo believes that "at least" 500
        million user account credentials were stolen, which would make
        it the biggest breach of all time, bigger than the MySpace
        breach of 427 million user accounts.

 - - -

Note the part about "unencrypted security questions and answers." The
continued use of security questions is a scourge on security, even for
people who (as I generally recommend) provide different fake answers
to those questions at different sites, rather than the real answers to
those common questions that could subvert their security later.

--Lauren--
Care About Science and Tech? Our Job One: STOP TRUMP: 
https://vortex.com/stop-trump
 - - -
Lauren Weinstein (lau...@vortex.com): https://www.vortex.com/lauren 
Lauren's Blog: https://lauren.vortex.com
Founder: Network Neutrality Squad: https://www.nnsquad.org 
         PRIVACY Forum: https://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: https://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
Google+: https://google.com/+LaurenWeinstein
Twitter: https://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800
I have consulted to Google, but I am not currently 
doing so -- my opinions expressed here are mine alone.
 - - -
The correct term is "Internet" NOT "internet" -- please don't 
fall into the trap of using the latter. It's just plain wrong!
_______________________________________________
pfir mailing list
https://lists.pfir.org/mailman/listinfo/pfir

Reply via email to