Some! at! Yahoo! knew! about! mega-breach! as! early! as! 2014!

Yahoo! knew it had been compromised by a state-sponsored hackers in 2014 despite not publicly disclosing this crucial information until 2016. The disclosure of some internal knowledge prior to public admission of a problem in September 2016 comes from a recent SEC filing, in paragraphs covering the investigation of the …

  1. Captain Badmouth
    FAIL

    No news is good news...

    Not in this case it wasn't.

  2. Anonymous Coward

    Good job BT moved their email to Yahoo several years ago

    So now your BT email account (which is the same user/pass for all of your BT internet account) got hacked.

    I raised this hack with BT in 2014 - they denied all of it.

    1. Anonymous Coward

      Re: Good job BT moved their email to Yahoo several years ago

      Could be worse, with AT&T customers they likely have access to people's Mobility, uVerse TV & Internet, DSL in the former SBC and BellSouth areas, Wireline, DirecTV, Digital Life (alarms and shit) and Unified Accounts.

      That's one of the reasons that I'm glad I still had the option to use vanilla @att.net and bellsouth.net POP3 email when I had uVerse so nothing ever touched Yahoo!'s servers. Especially as I'm pretty sure most people just used their myAT&T passcode for it, meaning you could have someone do quite literally anything to your account with no real issue besides having to know the associated email address, CTN or BAN and the passcode.

  3. Destroy All Monsters Silver badge
    Paris Hilton

    You say state-sponsored, I hear rhubarb, rhubarb

    "a state-sponsored hackers"

    So how did Yahoo know about the a state-sponsored hackers thing? Was the "state sponsored" IPV4 bit set?

    1. ProperDave

      Re: You say state-sponsored, I hear rhubarb, rhubarb

      Saying it was state-sponsored is probably making them feel better than saying it was a script-kiddy or two.

      That or the IP resolved to a foreign country so it had to be cyberwarfare! oh noes!

      1. Anonymous Coward

        Re: You say state-sponsored, I hear rhubarb, rhubarb

        "That or the IP resolved to a foreign country so it had to be cyberwarfare!"

        Or more likely, a hacked PC or server in another country, under remote control by the hackers located somewhere else.

        Nobody in their right minds launches a hack directly from their own PC without going through a separate proxy machine they can burn after.

    2. Doctor Syntax Silver badge

      Re: You say state-sponsored, I hear rhubarb, rhubarb

      'Was the "state sponsored" IPV4 bit set?'

      It's just part of the boilerplate text they use. Same sort of thing as "Your security is important to us" and "Only a few customers were affected". It saves spokesbots having to think.

      1. Sgt_Oddball

        Re: You say state-sponsored, I hear rhubarb, rhubarb

        You missed 'Think of the children!'

    3. Anonymous Coward

      Re: You say state-sponsored, I hear rhubarb, rhubarb

      Huma Abedin's "dead-drop" mailbox was/is hosted on Yahoo! Besides, the sinking ship Yahoo! is pretty much state-sponsored by the NSA and Co. They even built a special interface to all Yahoo! users' email for "Them".

  4. chivo243 Silver badge
    Black Helicopters

    Sharing is caring

    For whatever reason, it seems Yahoo! has deliberately delayed sharing critical information... except with Big Brother.

    And it's probably the only reason Yahoo! didn't die on the vine years ago.

  5. batfastad

    Of course

    Of course they did. Look at those who had the largest shareholdings at the time and work down in descending order. Sell, sell, sell!

  6. CustardGannet
    Happy

    OMG ! Someone has accessed all the details Yahoo has about me ?

    They might, even now, be attempting to take out loans in the name of Theophilus Q. Walrus-Titty, of 22 Acacia Avenue, Svalbard Islands.

    1. Dan 55 Silver badge

      Re: OMG ! Someone has accessed all the details Yahoo has about me ?

      I think round about then they changed their profile interface and addresses and other fields were dropped from profile data.

      I wonder why that would have been...

      There's always going to be some fool who fills it in properly.

      1. Anonymous Coward

        Re: OMG ! Someone has accessed all the details Yahoo has about me ?

        There's always going to be some fool who fills it in properly.

        The Daily Telegraph's website cured me of that about 15 years ago when they were sending my name and address buried in the source of every page.

  7. Casanov

    CEO should be fired

    "Marissa Mayer reportedly clashed with Yahoo! CISO Alex Stamos (who left to become Facebook's security chief in mid-2015) over investment in improved security controls and even about resetting users passwords."

    Why isn't she gone yet?

    1. Mark 85

      Re: CEO should be fired

      Why isn't she gone yet?

      The obvious answer is she has someone on the board, or all of it, by the proverbial short hairs. What she has on them is open to speculation, much like the King Battistelli of the European Patent Office.

  8. BitterExScientist

    It! Hurts! To! Read! These! Titles!

    Dear Reg.,

    I know you're really excited about Yahoo, but please take it down a notch or use something less irritating like the blink tag.

    1. JohnG

      Re: It! Hurts! To! Read! These! Titles!

      I guess the Reg will stop when Yahoo stops (using exclamation marks in an unnecessary fashion).

      1. PhilBuk

        Re: It! Hurts! To! Read! These! Titles!

        ...or when people stop being annoyed by it.

        Phil.

    2. WatAWorld

      Re: It! Hurts! To! Read! These! Titles!

      Unlike normal people, when our omniscient, omnipotent and infallible overlords get fired they get a bonus.

      Her golden parachute for when she 'messed up' was probably negotiated at the time of her hiring to be in the 10s of millions.

      And unlike contracts for the rest of us, the contracts for such important types are usually worded to stand up even if the messing up was an intentional criminal act on their part.

      How else could you ever get someone to take such a job?

  9. EJ

    *typing...*

    https://www.google.com/search?q=best%20alternatives%20to%20yahoo%20email&ie=utf-8&oe=utf-8&safe=active

  10. Notas Badoff

    Fragging frakksters

    "... created cookies that could have enabled such intruder to bypass the need for a password to access certain users' accounts or account information."

    They have code which allows this as a feature? It's easy to have security problems when you have undiagnosed stupidity problems.

  11. Nolveys
    Mushroom

    Behind The Scenes

    I recently ran across this, it shows some of what has been going on behind the scenes at Yahoo! over the past few years. Very interesting stuff.

  12. Anonymous Coward

    500m stolen ID is only a start

    add that to another 1B announced last week.

    Why is this cesspool still open?
