Yahoo 'expected to confirm massive data breach', says Recode

“Several hundred million user accounts” reportedly impacted.

As Yahoo prepares to sell up to Verizon, it may have some bad news to share.

Recode reports:

Yahoo is poised to confirm a massive data breach of its service, according to several sources close to the situation, hacking that has exposed several hundred million user accounts.

While sources were unspecific about the extent of the incursion, since there is the likelihood of government investigations and legal action related to the breach, they noted that it is widespread and serious.

Earlier this summer, Yahoo said it was investigating a data breach in which hackers claimed to have access to 200 million user accounts and were selling them online. "It’s as bad as that," said one source. "Worse, really."

This summer a hacker calling themselves "Peace" was reportedly trying to sell 200 million Yahoo usernames, passwords and dates of birth on dark market websites.

What we don't know is whether the alleged stolen login credentials were collected through phishing attacks, a breach at a different site (where Yahoo users were using the same passwords), or a serious security breach at Yahoo itself.

Of course, we have to wait to see if Yahoo does make an announcement about a hack or not, and if they do, what the nature of the claimed data breach might be. Until then, there's a lot of speculation.

As before, my advice to Yahoo (and other internet) users is that your online accounts will be a whole lot safer if you have not made the mistake of reusing passwords between different sites, and have enabled two-step verification.

If a massive Yahoo hack is confirmed there will inevitably be many people quick to blame the firm for exposing their information. Not to pass the buck, but everyone going online today needs to be sensible about their security and take the necessary precautions and steps to reduce the chances of their own accounts being compromised.

Even if this current scare ends up not impacting your account, there is always the danger that you could become a victim in the future.

Update: Yahoo confirms: hackers stole 500 million account details in 2014 data breach


19 Responses

  1. james

    September 22, 2016 at 2:22 pm #

    "As before, my advice to Yahoo (and other internet) users is that your online accounts will be a whole lot safer if you have not made the mistake of reusing passwords between different sites, and have enabled two-step verification."

    I use two step verification on almost everything that can use it and normally use a password vault to generate out a new password with ease.

    How ever its not my job to insure that a company protects there shit. If a leak truly did occur with yahoo then they dam well better show in there confirmation that they did there due diligence on protecting the data. If not then there heads are going to be strong up on pikes with fines pinned to them.

    • Greaseman85 in reply to james.

      September 22, 2016 at 3:05 pm #

      I don't think you understand how technology works. You can only do so much against a hack and sooner or later a good persistent hacker will prevail. It is absolutely on YOU to make sure you are more protected than what Yahoo provides. If you're reusing passwords, no one is to blame but you. If the service offers you multifactor authentication, then you better make use of it.

    • GrammerQueen in reply to james.

      September 22, 2016 at 4:30 pm #

      "However" "ensure" "their" "their" "their" "their"

  2. 4noMOre

    September 22, 2016 at 2:45 pm #

    who is dumb enough to go on yahoo with their real information.

  3. Joseph

    September 22, 2016 at 2:52 pm #

    Just great the thing I use to take people email and phone contact from Facebook via contact export has another security breach…..

  4. Peter J

    September 22, 2016 at 2:55 pm #

    No big deal. Any info is ancient. People stopped using Yahoo years ago

    • Helen Bedd in reply to Peter J.

      September 22, 2016 at 3:20 pm #

      Exactly! And, Yahoo was king of the BS accounts. Fake user names, fake ages…all going back to their chat room days. Everyone was 21 and gorgeous and either a doctor or astronaut. No big deal.

      • ToHotToHandle in reply to Helen Bedd.

        September 22, 2016 at 5:15 pm #

        I am actually a doctor AND an astronaut.

        – ToHotToHandle@yahoo.com

  5. John

    September 22, 2016 at 3:02 pm #

    I've been wondering why Yahoo has been nagging me at each log in to "Make sure my account is secure" for the past month, I've even wondered if they had been hacked. They sure can't protect my account themselves, and aren't in any hurry to inform the public of their lax security. Yahoo is finished, stick a fork in them . . . . . .

  6. Bob

    September 22, 2016 at 3:03 pm #

    When will we ever learn that there are people who delight and profit from our stupidity? Trust no one, not even God, with your personal information. Keep it in a book, under your mattress. Folks, ever since time began, others have always profited from our labors while sitting on their behinds and snickering. If not hackers, then our own Government. Wise up people, change passwords frequently, use 2 step verification, and, above all: Never use the same password(s) on different sites. Use common sense and be safe out here. They lurk behind every bush and internet connection.

  7. Igor

    September 22, 2016 at 3:10 pm #

    The best way to thwart this is to NEVER put your real name anywhere on the internet. All my email accounts and Facebook accounts are pseudonyms since I started on the net 18 years ago.

  8. jabbadonut

    September 22, 2016 at 3:19 pm #

    What a surprise.

  9. Mister Twister

    September 22, 2016 at 3:44 pm #

    Wait… you mean people actually use their REAL names, and REAL birthdates on these accounts? And they reuse passwords? LOL!

  10. Mikki

    September 22, 2016 at 3:48 pm #

    "Yahoo usernames, passwords and dates of birth on dark market websites."

    What, we can't even call it a Black Market anymore?

  11. metalmania

    September 22, 2016 at 4:37 pm #

    My yahoo account is just a throw away account for trolling comments on news articles. So eh.

  12. David

    September 22, 2016 at 5:17 pm #

    Who's going to be stupid enough to buy my fake information is the real question.

  13. Jeffrey

    September 22, 2016 at 5:36 pm #

    I wish I could use 2-step verification. Unfortunately, my Yahoo email is a subset of an sbcglobal (now AT&T) account, and that program does NOT have 2-step verification.

  14. Fred Flinstone

    September 22, 2016 at 5:55 pm #

    This guy is a condescending jerk.

  15. Notmyname

    September 22, 2016 at 9:08 pm #

    There is an easy way to avoid any issues with this kind of thing.

    1. Never use your real name.
    2. Never use your real DOB
    3. Never use your real phone number.
    4. Maintain separate persona domains, where nothing is shared between them, not even a photo, such as Friends & Family; banking; dating; blogging.
    5. Keep one account as a spam trap. Anytime some site asks for an email address use this, but never use it for anything important.

    That way, if a site like Yahoo gets hacked, so what.
