Another Yahoo Data Breach

VeritiesVerities Member Posts: 1,162
For your situational awareness...I logged into my Yahoo email this morning and found out there was another data breachicon_cheers.gif:

"We are writing to inform you about a data security issue that may involve your Yahoo account information. We have taken steps to secure your account and are working closely with law enforcement.

What Happened?
Law enforcement provided Yahoo in November 2016 with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts, including yours. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.

What Information Was Involved?
The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. Not all of these data elements may have been present for your account. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system we believe was affected."


  • pitviperpitviper CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT Member Posts: 1,376 ■■■■■■■□□□
    Yep, I got this as well - only on one of my accounts though.
    CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT
  • scaredoftestsscaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind youMod Posts: 2,778 Mod
    I thought it was the same data breach as before, just that we are being notified about it via email.
    Never let your fear decide your fate....
  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    Waiting on the Yahoo CISO job posting on LinkedIn...
    Studying: GPEN
    : SANS SEC560
    Upcoming Exam: GPEN
  • pitviperpitviper CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT Member Posts: 1,376 ■■■■■■■□□□
    I'm surprised people still use Yahoo after all these years... I wouldn't consider them a 'Tech Giant' as the BBC put it this morning.

    because nobody else loses data? lol

    I have multiple accounts with all major free email providers - For testing as well as keeping things separated.
    CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT
  • VeritiesVerities Member Posts: 1,162
    @scaredoftests: Its a separate breach.

    @Skyliinez92: I've made the decision to move away from it. You run the same risks with any provider nowadays.
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,915 Mod
    I'm holding on to them only because they bought out the provider of my original email account from 1996 (damn, I feel old). With this breach I've decided to spend some time and completely move out all my stuff elsewhere while keeping the account mostly inactive.
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,028 ■■■■■■■■□□
    Yea, I saw that, but I changed my email password several times since 2013.
    Still searching for the corner in a round room.
  • m1xaylom1xaylo Member Posts: 59 ■■■□□□□□□□
    Yahoo was big in Europe for years so it was natural that for the "old" people to keep their accounts going. You would think that they would tighten up security after last time icon_scratch.gif
  • MAC_AddyMAC_Addy Member Posts: 1,740 ■■■■□□□□□□
    Thank goodness I don't have a Yahoo account. I've been strictly gmail for over 10 years. Before that, it was hotmail.
    2017 Certification Goals:
    CCNP R/S
Sign In or Register to comment.