All 3 Billion Yahoo Accounts Affected by 2013 Attack

LewisBraham

https://nytimes.com/2017/10/03/technology/yahoo-hack-3-billion-users.html

That investigators did not discover the full extent of the 2013 incident before Verizon closed the deal to acquire Yahoo in June was surprising to outside cybersecurity analysts.

“Frankly, I don’t know how Yahoo got away with this,” said Jay Kaplan, a former Defense Department cybersecurity expert and senior analyst at the National Security Agency who is now the chief executive of the cybersecurity company Synack.

After Yahoo discovered that one billion accounts were affected, it should not have been a stretch to consider that all of the company’s user accounts had been compromised, he said. “My guess is that Yahoo was completely ‘owned’ across the board,” Mr. Kaplan said.

Verizon said in a statement Tuesday that, with the assistance of outside forensic experts, it had determined that all Yahoo’s user accounts were affected. The company said it would continue to work closely with law enforcement.

Ted

@Lewis: Speaking of millions, billions, trillions !
Regards,
Ted

bee

This give me a new idea to pitch to the show "Naked and Afraid".

Instead of offering contestants a fire starter, rope or map we see how long it takes for them to lose the credit worthiness (identity) by merely buying a latte, posting an update to online, or answering their phone.

I'll take my chances of surviving among with the lions, tiger and spiders.

bee

How Block Chain Technology May Help Individuals Secure their Digital Identity:

Forbes Article:

Ideally the only risk you should have when it comes to managing your digital identity is whether or not your personal systems have been compromised, instead of worrying about every corporation you've ever dealt with in the past. In the offline world, you update your proof of identity every few years, receiving a drivers license, ID card, or maybe a passport if you travel internationally. When you go to a club, they check your age on your ID. When purchasing an Amtrak ticket you prove who you are. You are authenticated and the person who checked your ID immediately forgets your details.

If a malicious party wanted to compromise your ID, they can not do that by going to a club you patronized a year ago, as the security guards have long forgotten the information on your ID. Instead, the malicious agent would need to find you personally out of 7 billion people in the world, steal your ID from your wallet, or steal enough other information on you to obtain a fake license.

So how do we get from an insecure, centralized information model to a decentralized authentication model like how we interact in the real world? The answer is a combination of cryptographic hashing and blockchain technology.

https://forbes.com/sites/jonathanchester/2017/03/03/how-the-blockchain-will-secure-your-online-identity/#58c430125523

hank

Tell me about it!

Got an email from Yahoo last night telling me my account was breached in 2013. First notification - though I long suspected something.

Spent about 5 hours today upgrading my internet security in various ways. I'll be using Yahoo mail less and less and moving to other providers. Also changed about a dozen different account passwords - something I do at least once a year anyway. One is a 18-banger - Ought to be long enough!

The real travesty is that users' "secret questions/answers" were raided. Over the years I've devised a set of 5-10 really good ones that no one else knows (err "knew"). Each of my dozen or more online accounts has 3-5 of these on file. These all had a certain logic behind them that helped me recall them. (Suspect that's not much different from how other folks operate.) How in h*** are you supposed to assure that every online account you ever set-up no longer uses any of those formerly "secret" questions/answers for verifying your identity? A pain in the a** for sure.

I think I have a brilliant solution. How about using a different brand of whiskey for each of those questions? Should work. Save your empties & tag each different brand as "favorite teacher" "favorite pet" etc. If your "secrets" get stolen again, there's always more new brands to try. Count the cost of each new one as an "investment expense".

PS - Chivas Regal just became my favorite teacher.