
Super Moderator UK SLK 55 AMG 2007 · 28,672 Posts · Discussion Starter #1
If you're a Yahoo user and haven't changed your password in the last two years,
DO IT NOW!

BBC is reporting a MAJOR hack:

Attack on Yahoo hit 500 million users - BBC News

Extracts:
"Yahoo says hackers stole information from about 500 million users in 2014 in what appears to be the largest publicly disclosed cyber-breach in history.
The breach included swathes of personal information including names and emails as well as “unencrypted security questions and answers”.
It did not include any credit card data, the site said, adding it believed the attack was state-sponsored.

The FBI has confirmed it is investigating the attack.

Questions for Yahoo: Analysis by Dave Lee, BBC North America technology reporter, San Francisco

The nature of the information stolen feels somewhat run of the mill - no payment info, and passwords were encrypted. Good. But the chain of events leading up to this unprecedented announcement gives rise to some incredibly pressing questions for Yahoo.
Why did it take so long for them to confirm the hack and its scale? Why did it take them so long to tell users and prompt them to protect themselves?
State-sponsored attacks are typically for political, not financial gain. So why were details reportedly being sold online? What evidence is there that it was state-sponsored?
Verizon, which has agreed to buy Yahoo, said it had not been told until a couple of days ago - why not? And why is Marissa Mayer, a chief executive who has presided over bad deals and now the biggest breach in internet history, still in charge?"

Why on earth aren't big companies learning that disclosing early is the best possible strategy?
Two years after an attack is not good enough!
Microsoft & Yahoo are simply not doing good enough to earn the trust of those of us sceptical about IT/Internet security.

Yahoo give the impression that the data stolen isn't critical as no credit card details.
Maybe so, but on how many occasions/sites are you asked for the following data?

"The data taken includes names, email addresses, telephone numbers, dates of birth and encrypted passwords."

Pretty much everyone that is security conscious. Many use the same password for other sites.

Used Paypal, Amazon, EBay lately?
 

Premium Member 2008 SLK350 · 310 Posts
What's more surprising, Yahoo got 500 million users.... if it wasn't detrimental about the security, it would be bragging.
 

Super Moderator UK SLK 55 AMG 2007 · 28,672 Posts · Discussion Starter #3
It had that many two years ago.

Probably won't have that many soon.
 

Registered · 2,027 Posts
WTH does "state sponsored" mean? That implies a governmental entity fostered or endorsed this occurrence? Other than the obvious "OMG" reaction, what does this really mean?

Over the last 4-5 years, 'security breaches' have come from every direction: our employer, our state government, our federal government, our financial institution, and last but not least the websites we use simply for recreation (current company included). It's all getting to be too much.

Rant over but not out
 

Administrator 2009 SLK 55 AMG/Founding Member 2006 · 98,142 Posts
How to check if you've been the victim of a breach like the Yahoo hack

In what has already been called the worst hack ever, Yahoo confirmed Thursday that at least 500 million users were affected by a security breach from a state-sponsored actor.

If you want to tighten up your security, one of the first steps you should take is checking to see how many of your accounts have already been impacted by a security breach.

While the Yahoo hack is the biggest, there have been plenty of other massive data breaches over the years and chances are you've been affected by at least a few of them. It's true that most companies try to alert their users to these breaches as soon as possible, but even they sometimes don't find out about them until months or years after the fact.


In the meantime, even if you haven't gotten an email from them, it's still a good idea to change your password and enable two-factor authentication anyway.

Other Accounts
One of the best ways to check many of your major accounts at once is the website haveibeenpwned, which is run by security researcher Troy Hunt, who tracks data breaches.

https://haveibeenpwned.com/
 

Super Moderator UK SLK 55 AMG 2007 · 28,672 Posts · Discussion Starter #8
The lessons from this hack are the same as always.

Change your password routinely & use a strong password (letters, numbers & characters).
Never use the same password for more than one site.
Never share your password with anyone, for any reason. That includes anyone 'claiming' to represent the site.
e.g. I may trust Sarge immensely, but I wouldn't share my password with him.
Run your PC security scans routinely.
Do not answer the recovery questions with obvious answers.
i.e. 'Where were you born?' use something else as the answer, e.g. 'P!nk Floydd'
Make the answer different to that same question on each account.
If you had trouble remembering all that stuff, just make small changes, e.g. 'Pink Fl0ydd'
The questions are just a trigger for your response & don't require a sensible answer.
And, although I've not checked it out myself yet...
Use the link in post #5.
 