Another Yahoo Data Breach
For your situational awareness...I logged into my Yahoo email this morning and found out there was another data breach:
"We are writing to inform you about a data security issue that may involve your Yahoo account information. We have taken steps to secure your account and are working closely with law enforcement.
What Happened?
Law enforcement provided Yahoo in November 2016 with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts, including yours. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.
What Information Was Involved?
The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. Not all of these data elements may have been present for your account. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system we believe was affected."
https://help.yahoo.com/kb/SLN27925.html?impressions=true
"We are writing to inform you about a data security issue that may involve your Yahoo account information. We have taken steps to secure your account and are working closely with law enforcement.
What Happened?
Law enforcement provided Yahoo in November 2016 with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts, including yours. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.
What Information Was Involved?
The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. Not all of these data elements may have been present for your account. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system we believe was affected."
https://help.yahoo.com/kb/SLN27925.html?impressions=true
Comments
-
pitviper Member Posts: 1,376 ■■■■■■■□□□Yep, I got this as well - only on one of my accounts though.CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT
-
scaredoftests Mod Posts: 2,780 ModI thought it was the same data breach as before, just that we are being notified about it via email.Never let your fear decide your fate....
-
xxxkaliboyxxx Member Posts: 466Waiting on the Yahoo CISO job posting on LinkedIn...Studying: GPEN
Reading: SANS SEC560
Upcoming Exam: GPEN -
pitviper Member Posts: 1,376 ■■■■■■■□□□Skyliinez92 wrote: »I'm surprised people still use Yahoo after all these years... I wouldn't consider them a 'Tech Giant' as the BBC put it this morning.
because nobody else loses data? lol
I have multiple accounts with all major free email providers - For testing as well as keeping things separated.CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT -
Verities Member Posts: 1,162@scaredoftests: Its a separate breach.
@Skyliinez92: I've made the decision to move away from it. You run the same risks with any provider nowadays. -
cyberguypr Mod Posts: 6,928 ModI'm holding on to them only because they bought out the provider of my original email account from 1996 (damn, I feel old). With this breach I've decided to spend some time and completely move out all my stuff elsewhere while keeping the account mostly inactive.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□Yea, I saw that, but I changed my email password several times since 2013.Still searching for the corner in a round room.
-
m1xaylo Member Posts: 59 ■■■□□□□□□□Yahoo was big in Europe for years so it was natural that for the "old" people to keep their accounts going. You would think that they would tighten up security after last time
-
MAC_Addy Member Posts: 1,740 ■■■■□□□□□□Thank goodness I don't have a Yahoo account. I've been strictly gmail for over 10 years. Before that, it was hotmail.2017 Certification Goals:
CCNP R/S