1 Billion Yahoo accounts hacked, change your password. (1 Viewer)

[Gromett]

The previous hack was bad enough, but they have uncovered evidence of more accounts that were breached. If you use yahoo or have ever had a yahoo account, change your password.
This hack dates back to 2013 but a lot of people won't have changed their password.

Details.

http://arstechnica.co.uk/security/2...s-exposed-and-some-code-may-have-been-stolen/

 

[buttons]

That is a lot of accounts. As far as I can remember I have never had a Yahoo account. I there any way of finding out if I have...?

 

[Vanman]

That is a lot of accounts. As far as I can remember I have never had a Yahoo account. I there any way of finding out if I have...?

Enter your email here for a rough and ready guide

https://haveibeenpwned.com/

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

If you are interested Computerphile did a video on password hacking. It is slightly technical, just ignore the words you don't understand. He does get to a demonstration of how easy it is to crack password....

 

[Debs]

@Gromett I had a yahoo account but haven't used it for at least a couple of years & can't remember the password - do I still need to try & log on & change it?
Thanks

 

[Boringfrog]

@Gromett I had a yahoo account but haven't used it for at least a couple of years & can't remember the password - do I still need to try & log on & change it?
Thanks

I wouldn't worry about it personally, not quite sure what these hackers can do by getting into your account, maybe email all your contacts? Anyone ?

^{_{Subscribers  do not see these advertisements}}

 

[chaser]

This an email I have had about it this morning, I have never actually had a yahoo email but they were tied up with bt at one point so don't know if it includes btinternet emails.



Link Removed
NOTICE OF DATA BREACH
Link Removed
Link RemovedDear Yahoo User,
We are writing to inform you about a data security issue that may involve your Yahoo account information. We have taken steps to secure your account and are working closely with law enforcement.


What Happened?

Law enforcement provided Yahoo in November 2016 with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts, including yours. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.


What Information Was Involved?

The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. Not all of these data elements may have been present for your account. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system we believe was affected.


What We Are Doing

We are taking action to protect our users:

• We are requiring potentially affected users to change their passwords.
• We invalidated unencrypted security questions and answers so that they cannot be used to access an account.
• We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts.

What You Can Do

We encourage you to follow these security recommendations:

• Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
• Review all of your accounts for suspicious activity.
• Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
• Avoid clicking on links or downloading attachments from suspicious emails.

Additionally, please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.


For More Information

For more information about this issue and our security resources, please visit the Yahoo Security Issues FAQs page available at https://yahoo.com/security-update.

Protecting your information is important to us and we work continuously to strengthen our defenses.

Sincerely,

Bob Lord
Chief Information Security Officer
Yahoo

Can't see images? View as a webpage

Privacy Policy

RefID:

 

[Larrynwin]

This an email I have had about it this morning, I have never actually had a yahoo email but they were tied up with bt at one point so don't know if it includes btinternet emails.



Link Removed
NOTICE OF DATA BREACH
Link Removed
Link RemovedDear Yahoo User,
We are writing to inform you about a data security issue that may involve your Yahoo account information. We have taken steps to secure your account and are working closely with law enforcement.


What Happened?

Law enforcement provided Yahoo in November 2016 with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts, including yours. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.


What Information Was Involved?

The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. Not all of these data elements may have been present for your account. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system we believe was affected.


What We Are Doing

We are taking action to protect our users:

• We are requiring potentially affected users to change their passwords.
• We invalidated unencrypted security questions and answers so that they cannot be used to access an account.
• We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts.

What You Can Do

We encourage you to follow these security recommendations:

• Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
• Review all of your accounts for suspicious activity.
• Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
• Avoid clicking on links or downloading attachments from suspicious emails.

Additionally, please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.


For More Information

For more information about this issue and our security resources, please visit the Yahoo Security Issues FAQs page available at https://yahoo.com/security-update.

Protecting your information is important to us and we work continuously to strengthen our defenses.

Sincerely,

Bob Lord
Chief Information Security Officer
Yahoo

Can't see images? View as a webpage

Privacy Policy

RefID:

Is this e mail from "yahoo" genuine, is the link in it part of a scam.
I wouldn't use it.

 

[Gromett]

@Gromett I had a yahoo account but haven't used it for at least a couple of years & can't remember the password - do I still need to try & log on & change it?
Thanks

If you have used that password anywhere else then go into all those accounts and change the password there.

^{_{Subscribers  do not see these advertisements}}

 

[chaser]

Is this e mail from "yahoo" genuine, is the link in it part of a scam.
I wouldn't use it.

No idea as it came to my btinternet email account, not doing anything about it , just a heads up for anyone else that gets one.

 

[two]

I think I heard that the breach took place in 2013.
It took someone an awful long time to discover it
or own up.
Not very good for Yahoo,
I wonder who will be next

 

[Mother Ship]

Is this e mail from "yahoo" genuine, is the link in it part of a scam.

I received the Yahoo email and had suspicions if it was genuinely from Yahoo and therefore used no links in it, but went straight to Yahoo website and into my account and it is all clearly explained in Q&A format and even have posted copy of email to show exactly what sent out by them so you can see what you have received is same.

^{_{Subscribers  do not see these advertisements}}

 

[olley]

My email address comes up in a hacked list from searchforsites.

 

[chaser]

My email address comes up in a hacked list from searchforsites.

Where is this list?

 

[Gromett]

I think I heard that the breach took place in 2013.
It took someone an awful long time to discover it
or own up.
Not very good for Yahoo,
I wonder who will be next

http://arstechnica.co.uk/security/2...s-exposed-and-some-code-may-have-been-stolen/

^{_{Subscribers  do not see these advertisements}}

 

[olley]

Where is this list?

If you look at post number 3, go to that site and put your email address in and if its been hacked it may tell you. My email came with 5000 others on a hacked list from searchforsites. I copied it, put it into openoffice, and sorted it alphabetically rather than go through 5000 names trying to find mine.
I have attached it to this post.

 

[Larrynwin]

I have a bt internet e mail but it's linked to yahoo.

No idea as it came to my btinternet email account, not doing anything about it , just a heads up for anyone else that gets one.

Now I'm feeling left out , I have a bt internet account and didn't get one

 

[Larrynwin]

Enter your email here for a rough and ready guide

https://haveibeenpwned.com/

Thanks for the link, I checked and have not been compromised but took the option for notification should my address be pwnd, however they send an email with a link to click on for confirmation, do you know is this safe ?

^{_{Subscribers  do not see these advertisements}}

 

[chaser]

Thanks for the link, I checked and have not been compromised but took the option for notification should my address be pwnd, however they send an email with a link to click on for confirmation, do you know is this safe ?

Well apparently I have been done three times on websites I've never heard of never mind given them my email!

 

[Larrynwin]

Well apparently I have been done three times on websites I've never heard of never mind given them my email!

Although on bt Internet I was going to change from yahoo but it's a bit like shutting the stable door........ as it occurred 3 years ago .
Which is better or rather are any safer ?

 

[Deleted member 29692]

I wouldn't worry about it personally, not quite sure what these hackers can do by getting into your account, maybe email all your contacts? Anyone ?

Many people use the same password for everything and on a lot of sites your username is your email address.

They won't even bother doing anything to the email accounts, they will just trawl other sites with the email address/password combination until they get a hit.

They don't even need a very good ratio of hits to attempts to make it worthwhile.

^{_{Subscribers  do not see these advertisements}}

 

[Gellyneck]

If you look at post number 3, go to that site and put your email address in and if its been hacked it may tell you. My email came with 5000 others on a hacked list from searchforsites. I copied it, put it into openoffice, and sorted it alphabetically rather than go through 5000 names trying to find mine.
I have attached it to this post.

Good heads up Olley. I'm on the list as well. A quick scroll down your list "identifies" a number of other Funsters, eg @irnbru , @andy63 , @cliffandger , @bigtree , @Mags52 , @trevorf , @chaser , @wanderingyp , @Boringfrog , @Vanman , @Debs , etc working on the assumption they're using the same user name!!!!! No doubt there will be others.

 

[cliffanger]

Good heads up Olley. I'm on the list as well. A quick scroll down your list "identifies" a number of other Funsters, eg @irnbru , @andy63 , @cliffandger , @bigtree , @Mags52 , @trevorf , @chaser , @wanderingyp , @Boringfrog , @Vanman , @Debs , etc working on the assumption they're using the same user name!!!!! No doubt there will be others.

Crikey - What do we have to do - and which passwords do we have to change? I don't understand any of this - have we just been hacked on the search for sites website?

 

[chaser]

Good heads up Olley. I'm on the list as well. A quick scroll down your list "identifies" a number of other Funsters, eg @irnbru , @andy63 , @cliffandger , @bigtree , @Mags52 , @trevorf , @chaser , @wanderingyp , @Boringfrog , @Vanman , @Debs , etc working on the assumption they're using the same user name!!!!! No doubt there will be others.

Don't understand this at all, the searchforsites list, has got my email , ok but where's the password , if that at the end is supposed to be it, it isn't, so what are they going to do, send me an email?

^{_{Subscribers  do not see these advertisements}}

 

[Gellyneck]

Crikey - What do we have to do - and which passwords do we have to change? I don't understand any of this - have we just been hacked on the search for sites website?

Hi Ger
Your forum name on here appears on the list provided by Olley above. This is a list of user data that was hacked from searchforsites website. What the issues would \ could come out of this not really sure but as your e-mail address is there it will probably mean a potential for significant increase in spam mail?

 

[Gellyneck]

Don't understand this at all, the searchforsites list, has got my email , ok but where's the password , if that at the end is supposed to be it, it isn't, so what are they going to do, send me an email?

Don't know if one of the columns is a "hashed" version of the password that can be translated into the real password? Well above my understanding! I've changed mine. But as your e-mail address is there it may mean increased spam?
Fortunately, the e-mail address I used on that site is a dedicated masked e-mail so I should be able to identify if spam is resulting from that hack. Haven't seen any though as yet.

 

[cliffanger]

Hi Ger
Your forum name on here appears on the list provided by Olley above. This is a list of user data that was hacked from searchforsites website. What the issues would \ could come out of this not really sure but as your e-mail address is there it will probably mean a potential for significant increase in spam mail?

Oh okay - thanks for that - when I tried to get onto the link from the third post it instantly came up as internet not available.... interrupted, so I couldn't even get on it to see my username.

Will keep an eye on emails etc.

^{_{Subscribers  do not see these advertisements}}

 

[bigtree]

Good heads up Olley. I'm on the list as well. A quick scroll down your list "identifies" a number of other Funsters, eg @irnbru , @andy63 , @cliffandger , @bigtree , @Mags52 , @trevorf , @chaser , @wanderingyp , @Boringfrog , @Vanman , @Debs , etc working on the assumption they're using the same user name!!!!! No doubt there will be others.

Cheers @Gellyneck ,registered for a yahoo account for something but never use it. On Virgin.

 

[Gellyneck]

Cheers @Gellyneck ,registered for a yahoo account for something but never use it. On Virgin.

And your ntl e-mail address is shown on the file from Olley, Trev.

 

[bigtree]

And your ntl e-mail address is shown on the file from Olley, Trev.

Great, Virgin media's anti spam sucks. I get regular spam through,just bin it.did complain but was told it was world class,my ass.

^{_{Subscribers  do not see these advertisements}}