Yahoo hack
Old 09-22-2016, 05:26 PM   #1
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: On the road again
Posts: 21,810
Yahoo hack

Looks like Yahoo has been hacked again, this time it looks like lots of info was obtained. Time to change passcodes.

From Ars Technica: Yahoo says half a billion accounts breached by nation-sponsored hackers | Ars Technica
Quote:
At least half a billion Yahoo accounts have been breached by what investigators believe is a nation-sponsored hacking operation. Attackers probably gained access to a wealth of holders' personal information, including names, e-mail addresses, phone numbers, birth dates, answers to security questions, and cryptographically protected passwords.
__________________
MichaelB is offline   Reply With Quote
Old 09-22-2016, 05:30 PM   #2
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
 
Join Date: Jun 2002
Location: Texas Hill Country
Posts: 39,791
It happened in late 2014 and they are just now letting us know? Sheesh...

Glad I've changed my password a couple of times since the hack.
__________________
Numbers is hard.

Retired in 2005 at age 58, no pension

REWahoo is offline   Reply With Quote
Old 09-22-2016, 06:00 PM   #3
Thinks s/he gets paid by the post
 
Join Date: Nov 2011
Posts: 1,903
"I am shocked — shocked — to find that hacking is going on in there!"
__________________
GrayHare is offline   Reply With Quote
Old 09-22-2016, 06:14 PM   #4
Moderator
aja8888's Avatar
 
Join Date: Apr 2011
Location: The Woodlands
Posts: 5,797
Quote:
Originally Posted by GrayHare View Post
"I am shocked — shocked — to find that hacking is going on in there!"
Wait until the hackers get into Facebook. I'll bet there is a treasure trove of good stuff in there!
__________________
......."Everybody has a plan until they get punched in the face." -- philosopher Mike Tyson.
aja8888 is offline   Reply With Quote
Old 09-22-2016, 06:50 PM   #5
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 6,717
Quote:
Originally Posted by REWahoo View Post
It happened in late 2014 and they are just now letting us know? Sheesh...

Glad I've changed my password a couple of times since the hack.
Did you change your challenge answers too? Just watching the news today and that info got hacked also.

I don't use my Yahoo accounts much anymore, but still am going to do same changing just to be sure.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-22-2016, 07:04 PM   #6
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
 
Join Date: Jun 2002
Location: Texas Hill Country
Posts: 39,791
Quote:
Originally Posted by easysurfer View Post
Did you change your challenge answers too?
I disabled them.

Several months ago I set up a two-level verification, so I have to respond to a text message to my phone in order to log in.
__________________
Numbers is hard.

Retired in 2005 at age 58, no pension

REWahoo is offline   Reply With Quote
Old 09-22-2016, 07:15 PM   #7
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 6,717
Quote:
Originally Posted by REWahoo View Post
I disabled them.

Several months ago I set up a two-level verification, so I have to respond to a text message to my phone in order to log in.
Nice. Good idea.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-22-2016, 07:25 PM   #8
Thinks s/he gets paid by the post
Sunset's Avatar
 
Join Date: Jul 2014
Location: Chicago
Posts: 2,934
I always use crazy answers to challenge questions, as my personal information is public and some folks don't like me...
__________________
Sunset is offline   Reply With Quote
Old 09-23-2016, 10:00 AM   #9
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,041
Quote:
Originally Posted by REWahoo View Post
I disabled them.

Several months ago I set up a two-level verification, so I have to respond to a text message to my phone in order to log in.
I always worry that I will lose my email capability if on vacation and the phone becomes disabled, lost, or stolen.

For Yahoo, I just use another email account to verify ... and a very strong password stored in Lastpass password manager.
__________________
Lsbcal is offline   Reply With Quote
Old 09-23-2016, 10:10 AM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,041
When things like this happen and state sponsored hacking is possibly involved, I worry that information is being stored for future use. Not just for modest scams but for huge economic destabilization.

Should a real cyberwar break out, things could get nasty for all of us.

And if you are doing compromising things with your computer, hopefully you are not in a sensitive position that offers espionage potential. Maybe I'm reading too many spy novels?
__________________
Lsbcal is offline   Reply With Quote
Old 09-23-2016, 10:25 AM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 6,717
Quote:
Originally Posted by Lsbcal View Post
When things like this happen and state sponsored hacking is possibly involved, I worry that information is being stored for future use. Not just for modest scams but for huge economic destabilization.

Should a real cyberwar break out, things could get nasty for all of us.

And if you are doing compromising things with your computer, hopefully you are not in a sensitive position that offers espionage potential. Maybe I'm reading too many spy novels?
I think the cyberwar has already started. Just check out the current headlines. Something like exposing a very high profile person's passport should be considered a war crime. Well, maybe not as bad as a war crime, but not the new norm.

I went ahead and disabled two Yahoo email accounts that I don't really use anyhow.

Reading about the Yahoo hack. The info gets sold in the underground so the bad guys can try out the stolen/passwords to steal financial information. The success rate is only about 1-2%. That's where good long passwords and hard to guess challenge answers come in. 1-2% but of 500M is still pretty big.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-23-2016, 10:59 AM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,041
Quote:
Originally Posted by easysurfer View Post
I think the cyberwar has already started. Just check out the current headlines. Something like exposing a very high profile person's passport should be considered a war crime. Well, maybe not as bad as a war crime, but not the new norm.

I went ahead and disabled two Yahoo email accounts that I don't really use anyhow.

Reading about the Yahoo hack. The info gets sold in the underground so the bad guys can try out the stolen/passwords to steal financial information. The success rate is only about 1-2%. That's where good long passwords and hard to guess challenge answers come in. 1-2% but of 500M is still pretty big.
Maybe not quite a cyberwar yet but definitely probing and worse (like the North Korean incident with Sony). We don't really know all the detail and can only see the tip of the iceberg.

On those challenge questions, I notice that Yahoo suggests removing them entirely. Are they not just passwords in another form? If one uses dictionary words for the answers, maybe that is a security issue.
__________________
Lsbcal is offline   Reply With Quote
Old 09-23-2016, 11:20 AM   #13
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 6,717
Quote:
Originally Posted by Lsbcal View Post
Maybe not quite a cyberwar yet but definitely probing and worse (like the North Korean incident with Sony). We don't really know all the detail and can only see the tip of the iceberg.

On those challenge questions, I notice that Yahoo suggests removing them entirely. Are they not just passwords in another form? If one uses dictionary words for the answers, maybe that is a security issue.
That North Korea thing is scary. +1 about the tip of the iceberg as only what we know.

My Yahoo account is mixed with my old ATT account when I had DSL. Don't even see where I can remove the challenge question as navigating with that set up sure is not friendly. I don't even use that email anymore since switching providers. My challenge answers and passwords are now randomized.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-23-2016, 11:41 AM   #14
Thinks s/he gets paid by the post
Sunset's Avatar
 
Join Date: Jul 2014
Location: Chicago
Posts: 2,934
Quote:
Originally Posted by Lsbcal View Post
Maybe not quite a cyberwar yet but definitely probing and worse (like the North Korean incident with Sony). We don't really know all the detail and can only see the tip of the iceberg.

On those challenge questions, I notice that Yahoo suggests removing them entirely. Are they not just passwords in another form? If one uses dictionary words for the answers, maybe that is a security issue.
1) The problem with challenge questions is sometimes they are not encrypted at all. Think to when you phone into a bank or some place and they ask you some security questions to confirm you are you.
If they ask any of your challenge questions (mother's maiden name, your first pet, etc) and can confirm you got it correct, it's very likely not encrypted.
So anyone who gets a copy of the database has all your challenge answers. Now they effectively have a password to your site.

2) The other problem is people answer the challenge questions honestly so they will remember them. "Street you lived on in high school" is Frank St. Well use of FB, research of streets around the school, streets your childhood friends lived on, etc all will reveal the answers.
__________________
Sunset is offline   Reply With Quote
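
The two problems described in the post above, as an added example that is not part of any post in this thread: a service that can read an answer back stores it in recoverable form, while a salted slow hash keeps a copied database from handing the answers over directly, yet an honest answer still falls to a short list of guesses. All function names, sample rows and the guess list are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets
import unicodedata

def normalize(answer):
    """Fold case, Unicode form and spacing so a retyped answer still matches."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")

def hash_answer(answer, salt=None):
    """Keep only a per-user salt and a slow scrypt digest, never the answer."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(normalize(answer), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return {"salt": salt.hex(), "hash": digest.hex()}

def verify_answer(answer, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hash_answer(answer, bytes.fromhex(record["salt"]))["hash"]
    return hmac.compare_digest(candidate, record["hash"])

def readable_in_dump(row):
    """Point 1: what a copy of the row reveals without any guessing."""
    return row.get("answer")  # None when only salt and hash are stored

def falls_to_guess_list(record, guesses):
    """Point 2: an honest answer is found by a short, researched guess list."""
    return any(verify_answer(guess, record) for guess in guesses)

# Constructed sample rows (not real data). The first is the plaintext design
# a phone agent could read aloud; the others store salt and hash only.
PLAINTEXT_ROW = {"user": "alice", "answer": "Frank St",
                 "question": "Street you lived on in high school"}
HASHED_HONEST = {"user": "alice", **hash_answer("Frank St")}
HASHED_RANDOM = {"user": "bob", **hash_answer(secrets.token_urlsafe(16))}

# Constructed guess list standing in for "streets around the school".
NEARBY_STREETS = ["Main St", "Oak Ave", "frank st", "Elm Rd"]

if __name__ == "__main__":
    print("plaintext row reveals:", readable_in_dump(PLAINTEXT_ROW))
    print("hashed row reveals:   ", readable_in_dump(HASHED_HONEST))
    print("honest answer guessed:",
          falls_to_guess_list(HASHED_HONEST, NEARBY_STREETS))
    print("random answer guessed:",
          falls_to_guess_list(HASHED_RANDOM, NEARBY_STREETS))
```

A randomized answer kept in a password manager is the only row here that survives both the database copy and the guess list.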
Old 09-23-2016, 04:25 PM   #15
Thinks s/he gets paid by the post
Rustward's Avatar
 
Join Date: Apr 2006
Posts: 1,471
Quote:
Originally Posted by Sunset View Post
1) The problem with challenge questions is sometimes they are not encrypted at all. Think to when you phone into a bank or some place and they ask you some security questions to confirm you are you.
If they ask any of your challenge questions (mother's maiden name, your first pet, etc) and can confirm you got it correct, it's very likely not encrypted.
So anyone who gets a copy of the database has all your challenge answers. Now they effectively have a password to your site.

2) The other problem is people answer the challenge questions honestly so they will remember them. "Street you lived on in high school" is Frank St. Well use of FB, research of streets around the school, streets your childhood friends lived on, etc all will reveal the answers.
Just curious, what leads you to say this?
__________________
Rustward is offline   Reply With Quote
Old 09-23-2016, 04:51 PM   #16
Recycles dryer sheets
 
Join Date: Apr 2016
Location: Dutchess County
Posts: 341
Do people actually use yahoo mail for any sensitive information?
The only real thing on my account is my cell number so I can recover my password if I forget it. I only use it to gather information from companies and such. Makes a great spam filter.
__________________
Just_Steve is online now   Reply With Quote
Old 09-23-2016, 05:00 PM   #17
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,041
Quote:
Originally Posted by Just_Steve View Post
Do people actually use yahoo mail for any sensitive information?
The only real thing on my account is my cell number so I can recover my password if I forget it. I only use it to gather information from companies and such. Makes a great spam filter.
Things I've used it for: travel reservation confirms, Amazon purchase confirms, friends, other site email correspondence. Have not used it for financial information (to or from).
__________________
Lsbcal is offline   Reply With Quote
Old 09-23-2016, 05:26 PM   #18
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 6,717
Quote:
Originally Posted by Just_Steve View Post
Do people actually use yahoo mail for any sensitive information?
The only real thing on my account is my cell number so I can recover my password if I forget it. I only use it to gather information from companies and such. Makes a great spam filter.
My bigger fear is if someone assumes my email and then starts using the email for illegal activity.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote
Old 09-23-2016, 06:22 PM   #19
Thinks s/he gets paid by the post
gauss's Avatar
 
Join Date: Aug 2011
Posts: 1,591
Quote:
Originally Posted by easysurfer View Post
My bigger fear is if someone assumes my email and then starts using the email for illegal activity.
If you change your password and challenge questions then this should not be an issue for you with this current hack.

Of larger concern to me is the leaked security questions and any overlap with any other accounts that I have (especially those without multi-factor authentication).

So has anyone/everyone received personalized notification from yahoo about this yet? I have not -- I only heard about it on the radio this evening. I suspect I may receive notification in coming days but in the interim I am curious what other yahoo's experience has been wrt notification.

-gauss
__________________
gauss is offline   Reply With Quote
Old 09-23-2016, 06:30 PM   #20
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 6,717
Quote:
Originally Posted by gauss View Post
If you change your password and challenge questions then this should not be an issue for you with this current hack.

Of larger concern to me is the leaked security questions and any overlap with any other accounts that I have (especially those without multi-factor authentication).

So has anyone/everyone received personalized notification from yahoo about this yet? I have not -- I only heard about it on the radio this evening. I suspect I may receive notification in coming days but in the interim I am curious what other yahoo's experience has been wrt notification.

-gauss
Haven't received any notification. But went ahead and disabled 2 emails and changed the password and challenge answers for another.

Hackers have no shame. Now there's news that Pippa Middleton got family photos hacked with the intent of hackers selling them.


Quote:
Pippa Middleton’s iCloud account has been hacked, it has emerged.
It is believed a number of personal photos of the Duchess of Cambridge's sister have been accessed in the unlawful hack, including images of Prince George and Princess Charlotte.
In a statement issued by her lawyers, Ms Middleton confirmed her account had been unlawfully accessed. Her representatives say the hackers are trying to sell the private photographs to publications
Pippa Middleton photos leak: Images stolen in iCloud account hack | The Independent
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is online now   Reply With Quote