Your Yahoo Account Was Probably Hacked - Company Set to Confirm Massive Breach

Archived From: Deal Discussion
  • Page :
  • 1
  • Text Only
rated:

Member Summary
Most Recent Posts
Definitely second the "give companies and websites garbledee-gook" unless they absolutely require it. I have a standard ... (more)

Dealpouncer (Sep. 24, 2016 @ 4:08p) |

You know Verizon just bought Yahoo..I wonder if this was discovered during the merge process (And had to be disclosed to... (more)

forbin4040 (Sep. 24, 2016 @ 5:05p) |

Just make sure you use a 555 number for fake phone. Wouldn't want you to give them someone else's phone number. I also u... (more)

JamesTKirk (Sep. 25, 2016 @ 7:55a) |

Staff Summary
Thanks for visiting FatWallet.com. Join for free to remove this ad.

2014...how timely that this is just now coming to light.

I use it for my spam e-mail address...I am sure the hackers are having a great time seeing viagra, PAC's and many other useless e-mails...

So much for commercial accounts being more secure. Did Yahoo disclose this Verizon before the sale?

what is yahoo?


This probably came to light from Verizon's due diligence. Wonder if it will affect the sale price.

Why is this in Deal Discussion?

Could I just change my password?

goldenkettle said:   Could I just change my password?

News reports say change password and recovery questions.

Never use the same password at more than one site.

Never answer the questions correctly. "Favorite car?" Monkey12#

Never give your date of birth or other confidential info, make one up.

If it's not a buying site, make up your name, and address, if needed.

I just got the email from Yahoo, two years after the breach.

EradicateSpam said:   Never use the same password at more than one site.

Never answer the questions correctly. "Favorite car?" Monkey12#

Never give your date of birth or other confidential info, make one up.

If it's not a buying site, make up your name, and address, if needed.


so secure even the owner cannot get in. 

Passwords are never stored as passwords. They are stored as hashes.

Here is the hash of my password. cc2afd4e961a3fabdd5cd609ac83b2022812b59c0f9af4aa97afaca997a22db6

Go figure the password out from this. I will get you a nobel prize.

I am having an incredibly difficult time changing my Yahoo password because my Yahoo account was previously merged with an old prodigy.net account that was then taken over by AT&T. So when I try to change my Yahoo password, it takes me directly to AT&T's web site. I was successfully able to change my AT&T password on there yesterday, but that change is not migrating over to Yahoo's server. So my password on AT&T was changed, but my Yahoo password was not. Apparently I'm not the only person having this problem. Extremely annoying, to say the least.

Anyone interested in a class action law suit, verizon has very deep pockets

Psh, my account was hacked years ago. I told Yahoo. Got hacked again and again. Kept telling Yahoo. I realized they were not stealing my password or security questions but their systems are just not secure and hackers were getting through from other ways. Kept telling Yahoo. Gmail, hotmail, and other accounts were not getting hacked. It's about time they went public about this. I hope they get a big fine or lawsuit.

FWIW, of the free email services, gmail is probably the most secure. Google improved security substantially after the Chinese hacked them a few years ago.

My friend said I was sending viruses a few years ago from my yahoo. I went PISHAW! and went I went into my sent folder, there they were! I traced the headers from Russia. So I guess they've known about the hack and did nothing until recently.

Note : I now have 2FA on, it's a pain but it's safer than security questions (Which are turned OFF)

king0fSpades said:   Passwords are never stored as passwords. They are stored as hashes.

Here is the hash of my password. cc2afd4e961a3fabdd5cd609ac83b2022812b59c0f9af4aa97afaca997a22db6

Go figure the password out from this. I will get you a nobel prize.

You realize with enough computing power any password can be brute forced with the hash, right?
With minimal power you can brute force most peoples passwords using a simple dictionary attack.

If it really was a state sponsored attack and they wanted your password from that hash they could probably have it pretty quickly regardless of how complex your password is.   Call the nobel committee and get the paperwork going!
 

Regardless, change your password anyway.

king0fSpades said:   Passwords are never stored as passwords. They are stored as hashes.

Here is the hash of my password. cc2afd4e961a3fabdd5cd609ac83b2022812b59c0f9af4aa97afaca997a22db6

Go figure the password out from this. I will get you a nobel prize.

  according to my algorithms your password is Boaty McBoatface, please paypal me my Nobel check thanks!

ablang said:   Regardless, change your password anyway.
Ah, they can have my password.  I think I last logged in to yahoo 15 years ago.  Nothing is linked to that email address and its worth nothing.
I would imagine few people here are using any yahoo services.

Heck, everyone logging in to yahoo to change their password is probably just going to raise their valuation.  Suddenly look at all the "Active" users!  Actually, kind of makes you wonder...

 

What bothers me is that it took them two years to come clean. I believe companies should have to disclose to customers within 24 hours absent a court order. In any class action suit, days to disclosure should be reflected in damages.

Whether people use Yahoo now or not is irrelevant. Many (most?) re-use passwords. Hackers will find (or found in this case) a lot of use from this breach.

EradicateSpam said:   Never use the same password at more than one site.

Never answer the questions correctly. "Favorite car?" Monkey12#

Never give your date of birth or other confidential info, make one up.

If it's not a buying site, make up your name, and address, if needed.

Definitely second the "give companies and websites garbledee-gook" unless they absolutely require it. I have a standard fake birthdate, phone number, etc. that I give to companies that don't need it, and use randomly generated passwords as the answer to security questions. One of the companies you deal with will be hacked eventually, it's just a matter of you determining how much accurate info you want out there, this approach at least limits exposure.
 
My bank changed from opened ended text questions to requiring you to select a button answer, effectively guaranteeing someone guessing a much larger chance(say 1/10) of randomly picking the correct security question rathern than the minute chance of them guessing my favorite candy was aer90g8ryh12g!89012guaoskdjgdjakjgsk.  My 401k company refuses to let you select your own username, effectively halving their security, actually probably much worse--you have to use your SSN as your user name.

You know Verizon just bought Yahoo..I wonder if this was discovered during the merge process (And had to be disclosed to the SEC) and Yahoo has been sitting on this for years.

Dealpouncer said:   
I have a standard fake birthdate, phone number, etc.


Just make sure you use a 555 number for fake phone. Wouldn't want you to give them someone else's phone number. I also use fake answers to security questions. Keep my fakes in my password program on computer so I know what fakes I used if asked.
  



Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2017