1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Possibly the biggest hack of all time-1 BILLION USER DETAILS

Discussion in 'BlackHat Lounge' started by Skyebug77, Dec 14, 2016.

  1. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    Joined:
    Mar 22, 2012
    Messages:
    2,016
    Likes Received:
    1,422
    Occupation:
    Marketing
    Location:
    Portland,Or
    Source: http://www.businessinsider.com/yahoo-data-breach-billion-accounts-2016-12?

    Statement From Yahoo:

    "Yahoo! Inc. (NASDAQ:YHOO) has identified data security issues concerning certain Yahoo user accounts. Yahoo has taken steps to secure user accounts and is working closely with law enforcement.

    "As Yahoo previously disclosed in November, law enforcement provided the company with data files that a third party claimed was Yahoo user data. The company analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. The company has not been able to identify the intrusion associated with this theft. Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016.

    "For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.

    "Yahoo is notifying potentially affected users and has taken steps to secure their accounts, including requiring users to change their passwords. Yahoo has also invalidated unencrypted security questions and answers so that they cannot be used to access an account.

    "Separately, Yahoo previously disclosed that its outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password. Based on the ongoing investigation, the company believes an unauthorized third party accessed the company's proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. Yahoo is notifying the affected account holders, and has invalidated the forged cookies. The company has connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.

    "Yahoo encourages users to review all of their online accounts for suspicious activity and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account. The company further recommends that users avoid clicking links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information. Additionally, Yahoo recommends using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.

    Additional information is available on the Yahoo Account Security Issues FAQs page: https://yahoo.com/security-update.
     
    • Thanks Thanks x 1
  2. Larry Igna

    Larry Igna Junior Member

    Joined:
    Nov 25, 2016
    Messages:
    131
    Likes Received:
    62
    Gender:
    Male
    Home Page:
    Poor yahooerz, they've once been great..
     
  3. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,475
    Likes Received:
    11,176
    Occupation:
    CHEAP
    Location:
    DATASETS
    Home Page:
    I just saw Marissa Mayer on the news but there was no audio. She's hot that's all I thought.
     
    • Thanks Thanks x 3
  4. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    Joined:
    Mar 22, 2012
    Messages:
    2,016
    Likes Received:
    1,422
    Occupation:
    Marketing
    Location:
    Portland,Or
    She is pretty damn good looking.
     
    • Thanks Thanks x 1
  5. amoon

    amoon Jr. VIP Jr. VIP

    Joined:
    May 16, 2015
    Messages:
    1,671
    Likes Received:
    933
    Gender:
    Male
    Occupation:
    IM - BHW
    Location:
    Map–Territory
    yahoo security problems are everywhere,
     
  6. blogzandstuff

    blogzandstuff Elite Member

    Joined:
    Jan 1, 2015
    Messages:
    5,729
    Likes Received:
    2,654
    Occupation:
    blog creator
    Location:
    UK
    It's breaking news on the BBC, just to spread even more panic
     
  7. Skyebug77

    Skyebug77 Jr. VIP Jr. VIP

    Joined:
    Mar 22, 2012
    Messages:
    2,016
    Likes Received:
    1,422
    Occupation:
    Marketing
    Location:
    Portland,Or
    I am hiding under my bed, YOU SHOULD TOO! SHOUT FROM THE TOP OF YOUR LUNGS

    "THE HACKERS ARE COMING!!!!!!!!"
     
  8. NobelNerd

    NobelNerd Power Member

    Joined:
    Feb 21, 2013
    Messages:
    731
    Likes Received:
    299
    Occupation:
    Digital Marketing
    Location:
    India
    Just found out my email account was compromised with BHW :eek:
    [​IMG]
    [​IMG]
     
  9. RuthSam

    RuthSam Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 19, 2010
    Messages:
    3,813
    Likes Received:
    976
    Gender:
    Male
    Home Page:
    WoW bad news but actually nothing new for all these free e-mail services they seem to be loved by hackers and script kiddies!
     
  10. HoNeYBiRD

    HoNeYBiRD Jr. VIP Jr. VIP

    Joined:
    May 1, 2009
    Messages:
    7,290
    Likes Received:
    8,260
    Gender:
    Male
    Occupation:
    Geographer, Tourism Manager
    Location:
    Ghosted
    Yea, just received an email from Yahoo regarding to this.
    They already asked for a password reset after the other leak they announced in September. This leak is not fresh (happened in 2013), so i guess no further action is needed.

    1 billion accounts is a big number though, i'm wondering how many of those are fake.

    ...and a couple of other sites. Myspace breach was in 2008, i think that's the first out of those, so you were pawned well before the BHW leak, which was in 2014. The Adobe and Tumblr leak happened before BHW too. That's why you should never use the same password for your email address, what you use on sites where you register with said email address.

    Here's a very good visualization to put into perspective that how many data breaches happened so far, at least all those we know about.: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
     
    • Thanks Thanks x 1
    Last edited: Dec 15, 2016
  11. Capo Dei Capi

    Capo Dei Capi BANNED BANNED

    Joined:
    Oct 23, 2014
    Messages:
    754
    Likes Received:
    1,734
    Yahoo has alot more than security problems they need to fix. Their home page has been riddled with BS news stories such as WW3 is happening soon.They need to get rid of Marissa and put someone in that can bring back Yahoo to being a brand that people trust to use for email and consider a trusted news source.
     
    • Thanks Thanks x 1
  12. blogzandstuff

    blogzandstuff Elite Member

    Joined:
    Jan 1, 2015
    Messages:
    5,729
    Likes Received:
    2,654
    Occupation:
    blog creator
    Location:
    UK
    Didn't the founder come back and try a while ago?
     
  13. lawyal

    lawyal Regular Member

    Joined:
    Oct 25, 2016
    Messages:
    322
    Likes Received:
    210
    Gender:
    Male
    Location:
    Upper Eastside
    I find it always astonishing how fast people (and media and their stocks) keep forgetting the last breach. And the one before...
    Almost no lasting negative image damage for the companies.
     
  14. Apricot

    Apricot Administrator Staff Member Moderator

    Joined:
    Mar 26, 2013
    Messages:
    12,770
    Likes Received:
    8,185
    Gender:
    Female
    Occupation:
    BHW Admin
    Location:
    Station 2E
    Home Page:
    • Thanks Thanks x 1