Oath-my-God: THREE! BILLION! Yahoo! accounts! hacked! in! 2013! – not! 'just!' 1bn!

With Equifax testifying in US Congress today about its own massive security failings, someone at Yahoo! presumably thought now would be a good time to bury bad news – but some things are too large to hide. In a filing on Tuesday to America's financial watchdogs, Yahoo!, now owned by Verizon under the Oath brand, admitted the …

  1. Len
    Holmes

    How did they get to 3 billion accounts?

    Considering Yahoo was never really that big outside the US, how did they amass 3 billion accounts? Many dormant accounts?

    1. Youngone Silver badge

      Re: How did they get to 3 billion accounts?

      I suspect they had that many accounts because they hosted email for others.

      My ISP supplied email account was actually hosted by Yahoo! until this breach happened, they have since brought their email system home which is nice.

      At the time they forced users to change their password also. I guess they didn't believe Yahoo!'s assurances that it was only "some" accounts.

    2. Mark 85

      Re: How did they get to 3 billion accounts?

      Easy answer to the 3 billion question... many of us had throw away accounts there. I had 5 and lost all 5 so I created 5 new ones that so far haven't been "attacked" as far as I know. The first 5 had their passwords changed by the miscreants and luckily, all 5 were clear of any emails. I generally check them daily and delete any email since like I said... throwaways.

    3. Version 1.0 Silver badge

      Re: How did they get to 3 billion accounts?

      At one time Yahoo provided email services to AT&T and all AT&T email accounts were directed to Yahoo - I'm sure that's changed now but when the accounts were migrated did anyone change their passwords?

      1. Snapper

        Re: How did they get to 3 billion accounts?

        Also BT in the UK.

        1. Anonymous Coward
          Anonymous Coward

          Re: How did they get to 3 billion accounts?

          "Also BT in the UK".

          Why am I not surprised to learn this?

          Depressed. Deeply, very deeply, dreadfully deeply depressed. But not surprised.

          1. katrinab Silver badge

            Re: How did they get to 3 billion accounts?

            TalkTalk manage their own email. Does that make them any better?

            I still have a @lineone.net address from the days when you accessed the internet by paying 3p per minute for a dial-up phone call. It still works, to usual TalkTalk levels of reliability, even though I left them about 20 years ago.

          2. Anonymous Coward
            Anonymous Coward

            Re: How did they get to 3 billion accounts?

            I know (as one personally affected) that for the original BT consumer email accounts, BT insisted you had to confirm your home address (which they had automatically lifted from your phone a/c), mother's maiden name and date of birth. BT then facilitated sharing of these details with Yahoo when we were shifted (or should that be shafted) to the Yahoo service but both failed to make sure they were kept securely enough.

            Once home address, mother's maiden name and date of birth are out there together in a nice package, you are ripe for identity theft. One attempt with my info involved a bank loan using my credentials but with a slightly different address (an empty house down the road).

            The loan was approved subject to paperwork being signed and returned. Fortunately the friendly postman who knew us delivered the paperwork to my real address (seeing my name and initials).

            You wouldn't credit (pardon the pun) how uninterested the bank concerned seemed to be.

            After the last attempt to shift us BT Yahoo mugs to a different but cheaper-for-BT outsourced service failed miserably (surprise), it looks like millions of BT suckers are stuck with Yahoo for ever. "Yahoo!" or should that be "Oh Fcuk!"

      2. WolfFan Silver badge

        Re: How did they get to 3 billion accounts?

        At one time Yahoo provided email services to AT&T and all AT&T email accounts were directed to Yahoo - I'm sure that's changed now but when the accounts were migrated did anyone change their passwords?

        Ah... no. Yahoo still provides email services to AT&T, despite now being owned by Verizon. AT&T's level of incompetence is approached only by Comcast, Times-Warner, BT, Verizon and Sprint, and exceeded only by Yahoo and perhaps Talk-Talk. Hmm. Wait. Yahoo is now part of Verizon. Oh, my.

        1. Anonymous Coward
          Anonymous Coward

          Re: How did they get to 3 billion accounts?

          Incompetence grows exponentially with scale.

    4. Anonymous Coward
      Anonymous Coward

      Re: How did they get to 3 billion accounts?

      2.75 billion were spammers.

    5. katrinab Silver badge

      Re: How did they get to 3 billion accounts?

      They were / possibly still are the market leader in Japan.

      Back then, they were the biggest email provider, slightly ahead of Hotmail. Gmail may have overtaken them now.

      Also, a lot of people have more than one account. For example sexylegs69@... might be a good choice for signing up for dating sites, but not for signing up with recruitment agents.

    6. arctic_haze

      Re: How did they get to 3 billion accounts?

      They had a plus/minus system of rating comments in their discussion fora. Therefore trolls and spammers needed tens of accounts to stay above zero.

  2. John Brown (no body) Silver badge
    Angel

    considerably biggest discount.

    considerably! biggest biggly! discount!

    FTFY, no charge.

    1. Notas Badoff

      Re: considerably biggest discount.

      considerably enbiggened enbuggered overpayment.

    2. Nolveys

      Re: considerably biggest discount.

      Biggest discount...

      Current asking price is negative three bucks. Or you can have it for free and we will throw in this sandwich.

      1. hplasm
        Happy

        Re: considerably biggest discount.

        Or you can have it for free and we will throw in this sandwich list of user accounts.

        1. Anonymous Coward
          Anonymous Coward

          Re: considerably biggest discount.

          "Or you can have it for free and we will throw in this sandwich list of user accounts".

          But bring along a fleet of trucks, because the list weighs 7561 tons.

      2. Uncle Slacky Silver badge
        Thumb Up

        Re: considerably biggest discount.

        <Zoidberg>Once again the sandwich-heavy portfolio pays off for the hungry investor!</Zoidberg>

  3. Lorribot

    I believe that BT Internet and Yahoo were linked in some way, can't recall details but defo my btinternet.net email was with Yahoo, and I suspect other ISPs may have been providing email accounts through Yahoo. Plus when do you delete a user account when the number of accounts is how you measure/boast how big you are? Plus all those spam mailboxes that got created in the 90s but not deleted, 3 Billion accounts or email address is a possibility, but there were only probably 1 billion real users, and on 30 active ones.

    1. Florida1920

      I believe that BT Internet and Yahoo were linked in some way

      AT&T moved their Internet service customers over to Yahoo at some point, too, but the @att.com email address still worked. Yahoo merely provided the "service." That might include SBC and any other companies AT&T gobbled up.

    2. Anonymous Coward
      Anonymous Coward

      BT's old Email, and currently Sky...

      Older BT emails are still stuck on Yahoo (AFAIK) and Sky still uses them?

  4. TReko

    Destroying value

    It is a pity there is no way to claw back the $55 million Marissa got.

    Still in the scheme of value destruction her predecessors were worse.

    1. Mikel

      Re: Destroying value

      She has her detractors, but shareholders fared pretty well under her.

      1. Robert Grant

        Re: Destroying value

        One of her predecessors invested in Alibaba, which came to fruition to the tune of $1B, which she frittered away. While Yahoo was already on the ropes when she joined, she was not a good CEO - turning around a business when you have a billion dollars at your disposal is definitely not hard mode.

        1. Naselus

          Re: Destroying value

          Yeah, Yahoo stock more or less doubled under Mayer, but pretty much all of that was down to the Alibaba holding - if you take it out of the equation, Mayer had almost no impact whatsoever. In fact, Yahoo shares became a direct proxy for Alibaba fairly early during her tenure, which implies that the market didn't think her decisions would have any measurable effect on anything - or that Yahoo under Mayer was going to do anything valuable by itself, either.

      2. Stevie

        Re: She has her detractors, but shareholders fared pretty well under her.

        How about now?

        I thought record levels of remuneration were because of assumed risk of being thrown to the dogs in the event of malfeasance. This level of "mis-statement" of the company's vulnerability to litigation would seem to invite criminal investigation.

  5. Rob D.
    FAIL

    Porridge

    Unfortunately this level of compromise, linked with stupid security failings like poor password hashing or improperly stored personal data or lack of investment in reasonable protection, is always going to happen until significant jail time is available and targeted at the executive levels. Bit like SOX compliance - as soon as the threat of felony convictions appeared in the US, proper auditing suddenly became de rigueur.

    1. Darth.0

      Re: Porridge

      is always going to happen until significant jail time is available and targeted at the executive levels.

      is always going to happen until significant jail time is mandatory and targeted at the executive levels.

      Fixed it for you.

    2. Zippy's Sausage Factory

      Re: Porridge

      Speaking of SOX, wonder whether that's another bit of "red tape" Trump wants to eliminate.

      1. Aitor 1

        Re: Porridge

        SOX is actually bad for security, as interpreted by beancounters and lawyers.

    3. Stevie

      Re: Porridge

      No doubt Yahoo! had retained the services of a number of former Volkswagen computer specialists who followed their historically-established nefarious criminal urges when it came to designing the data security measures.

  6. Lysenko

    Oath...

    a profane or offensive expression used to express anger or other strong emotions.

    An uncharacteristic outbreak of factual accuracy from the branding strategists...

    1. Alister

      Re: Oath...

      However, consider the other meaning...

      a solemn promise, often invoking a divine witness, regarding one's future action or behaviour.

      Yeah, they didn't stick to that, did they?

      1. Hans 1
        Coffee/keyboard

        Re: Oath...

        a solemn promise, often invoking a divine witness

  7. Anonymous Coward
    Anonymous Coward

    Yahoo!

    Is still a thing?

    1. hplasm
      Headmaster

      Re: Yahoo!

      Is still a thing?

      Yahoo. Noun: a rude, noisy, or violent person. One who is paid $55M to drag a company down.

  8. chivo243 Silver badge
    Devil

    I doubt

    I wouldn't be smiling (ever) if the company I was leading had such a massive fail. Marissa must be heavily medicated when she's photographed, or thinking of that awesome golden parachute?

    1. Anonymous Coward
      Anonymous Coward

      Re: I doubt

      psychopath

      n noun a person suffering from chronic mental disorder with abnormal or violent social behaviour.

      DERIVATIVES

      psychopathic adjective

      psychopathically adverb

  9. Anonymous Coward
    Anonymous Coward

    Marissa Meyer laughed all the way to the bank

    with a $55m golden parachute, and is now reportedly looking around for another challenge before retiring.

    Perhaps that challenge will take the form of shareholders challenging that remuneration in the light of the new evidence that has emerged.

    1. Anonymous Coward
      Anonymous Coward

      Re: Marissa Meyer laughed all the way to the bank

      Who in their right mind would let her anywhere near the levers of power now?

      Guess stopping people working from home and changing the angle of the exclamation mark didn't work as hoped, eh?

      1. Naselus

        Re: Marissa Meyer laughed all the way to the bank

        "Who in their right mind would let her anywhere near the levers of power now?"

        Hewlett Packard Enterprises

        1. Doctor Syntax Silver badge

          Re: Marissa Meyer laughed all the way to the bank

          "Hewlett Packard Enterprises"

          Fails on "in right mind".

      2. Anonymous Coward
        Anonymous Coward

        Re: Marissa Meyer laughed all the way to the bank

        "Who in their right mind would let her anywhere near the levers of power now?"

        Er, have you noticed who is holding the levers of power that control the USA - and hence all our lives?

  10. Destroy All Monsters Silver badge

    Blimey!

    recently obtained new intelligence

    An additional 15 IQ points?

  11. herman

    It sounds familiar, like AOhell

    Ya who?

    Is anyone still using them?

    1. Pompous Git Silver badge

      Re: It sounds familiar, like AOhell

      "Ya who?

      Is anyone still using them?"

      They were useful when I participated in some group discussions. Then I got locked out. I don't know the correct answers to my secret questions... apparently. Maybe this stuff-up explains that.

  12. Anonymous Coward
    Anonymous Coward

    Once again

    I will mention, as I did for the previous stories about the estimates on account breaches; that at the time I suggested they were lying, as EVERYONE I knew with a Yahoo account had it hacked back in 2013.

    I STILL get relayed emails from my old account, even though I lost control of it at the time; and at no point have I ever received an email from Yahoo telling me that my account had been hacked.

    I suggest it isn't a case of "just found out", but more "we have just been found out".

    1. Anonymous Coward
      Anonymous Coward

      Re: Once again

      'I suggest it isn't a case of "just found out", but more "we have just been found out"'.

      In executive circles, I believe those are synonymous.

  13. Anonymous Coward
    Anonymous Coward

    Et tu Equifax....

    Mmmmm....Hackers had access to Equifax systems from March to July. Who actually believes that only a portion of Equifax's data was taken. Given the five months it is more believable that all 920 million personal credit records and 91 million company records have been taken,
