500 million Yahoo customers have data stolen

mr_fishbulb

AndyPix wrote: »

Great news - you most certainly can .. I have 3 gmail accounts connected to the app on my android phone
Heres how :- https://www.youtube.com/watch?v=YzdxQRRLYmQ

Say what?! Amazing - thank you!

mr_fishbulb

Kernel_Sanders wrote: »

Couldn't you have killed the infant Hitler on the way?
Oh hang on, half of us wouldn't be here because our great/grand/parents would never have met.....

Did Hitler also run a dating agency?

Kernel_Sanders

AndyPix wrote: »

Wow, you know aewale too !!
Small world..


He is transferring £2 million into my account later today ...


I just have to send him £300 by western union first to pay for the documents to be signed - i cant believe my luck !!


( pssst .. Did you know he was actually a Nigerian prince )

How gullible you are, Andy.


He's only charging me £150.

mr_fishbulb wrote: »

Did Hitler also run a dating agency?

He ran 'Plenty of Fritz'.

jshm2

Run on over to haveibeenpwned.com occasionally to check yourself against the database.

Ideally you should be changing your passwords every 30 days anyway.

One-Eye

I've changed my Yahoo password to "enigma" because apparently it's very hard to break.

I've also chosen some of their new security questions which are guaranteed not to be used on other sites:

What is the name of the first person with whom you cheated on your spouse/significant other?

What was the name of the cat you put in the microwave/tumble dryer?

Which of your neighbours do you fancy the most?

ARandomMiser

Laurie_Sicard-Askey wrote: »

And some said it could never be done... yawn:


https://uk.news.yahoo.com/500-million-yahoo-customers-data-185600374.html

Did anyone ever say 'it could never be done'?
The advice I always seem to get is to protect your passwords and change them regularly in case something gets hacked.

parking_question_chap

I have read up on the news.

I have updated my password this year and also have the 2 step security meaning I get a text if a log in is attepted from another device. Are those with this extra level at risk as well?

Sicard

See you next Tuesday guys. Phonetic insult.

buglawton

Anyone noticed that if you revoke the security questions then you cannot re-enable them? These are the questions Yahoo used to ask when resetting your password, like your cat's name, place of birth etc. Yahoo recommends you turn them off but does not offer anything to replace them.

spud17

I only have my Yahoo address from using Freecycle, that's the only time it is used.
Today I've received the email from Yahoo

NOTICE OF DATA BREACH
Dear spud17, We are writing to inform you about a data security issue that may involve your Yahoo account information.


What happened?

A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from our systems in late 2014 by what we believe is a state-sponsored actor. We are closely coordinating with law enforcement on this matter and working diligently to protect you.


What information was involved?

The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. Not all of these data elements may have been present for your account. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data or bank account information; payment card data and bank account information are not stored on the system that the investigation has found to be affected.


What we are doing

We are taking action to protect our users:

• We are asking potentially affected users to promptly change their passwords and adopt alternative means of account verification.
• We invalidated unencrypted security questions and answers so they cannot be used to access an account.
• We are recommending all users who have not changed their passwords since 2014 to do so.
• We continue to enhance our systems which detect and prevent unauthorised access to user accounts.
• We are working closely with law enforcement on this matter.

Our investigation into this matter is ongoing.


What you can do

We encourage you to follow these security recommendations:

• Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
• Review your accounts for suspicious activity.
• Exercise caution with any unsolicited forms of communication that ask for your personal information or refer you to a web page asking for personal information.
• Avoid clicking on links or downloading attachments from suspicious emails.

In addition, please consider using Yahoo Account Key, a simple authentication tool that completely eliminates the need to use a password.


For more information

For more information about this issue and our security resources, please visit the Yahoo Security Issue FAQs page available at https://yahoo.com/security-update.

Protecting your information is important to us and we are working continuously to strengthen our defences against the threats targeting our industry.

Yours sincerely,
Bob Lord
Chief Information Security Officer
Yahoo

The only time I've had anything hacked was in May 2013 and that was my Yahoo account, wonder if they are a bit out with their dates?