nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Yahoo! says! hackers! stole! ONE! BEELLION! user! accounts!

Silver badge
Big Brother

This ain't news

The NSA has been doing this for at least a decade.

3
5
Silver badge
Trollface

"stolen details from more than a billion user accounts"

Phooey. Yahoo! never had a billion accounts.

Am I really supposed to believe that Yahoo! has had more users than frakkin' Facebook ?

No way.

This is just another example of the specifically Yahoo! method of counting things.

7
3
Silver badge

Re: "stolen details from more than a billion user accounts"

Yahoo! supplied hosted emails services to lots of organisations, my ISP for one.

See comment below.

11
0
Silver badge

Re: "stolen details from more than a billion user accounts"

Phooey. Yahoo! never had a billion accounts.

Not users but accounts. For way too many years, much like Hotmail, Yahoo was a choice for throw away accounts and also for spammers. So it's very possible. I think I still have a about 10 or 12 open throwaways there.

11
0
Silver badge

Re: "stolen details from more than a billion user accounts"

This is counting ISPs that use Yahoo for the email

3
0
Silver badge

Re: "stolen details from more than a billion user accounts"

They probably did have that many "accounts" - a lot of times it was easier to open a new account than reset the password. Yahoo was also a favorite email address for users with accounts with Ashley Madison and similar services.

7
0

Re: "stolen details from more than a billion user accounts"

I think a lot of the spammers in the past used stolen accounts. At least the majority of spam I had over the years was either from fake names or stolen accounts.

I have 10 accounts on virgin media (ntlworld) and each one has a use... It's lovely...

I tried to get a few Yahoo stolen accounts shut down years ago and they told me no.. I know the owners and they owners tried to recover them but Yahoo said they didn't match security checks (lol)... But I got all sorts of spam targeted towards me because I was in their address book. Yahoo might have spent a lot of time over the years stopping some spammers, but I don't think have done enough to detect brute force theft. I could probably give you a BEELLION! reasons to agree with that last bit.

6
0
Silver badge

Re: "stolen details from more than a billion user accounts"

Key word is accounts. Users can easily have multiple accounts. Also, how many of these accounts were throwaways are even active.

My rude and crude estimate is that each Putrid Palace user had about 4 or 5 accounts each.

7
1
Anonymous Coward

Re: "stolen details from more than a billion user accounts"

> ISPs that use Yahoo for the email

Hurrah for outsourcing.

.

.

And sarcasm.

8
0
Anonymous Coward

Re: "stolen details from more than a billion user accounts"

Pretty sure sky.com switched to yahoo from Google..

0
0
Anonymous Coward

Re: Version 1.0

Yahoo was also a favorite email address for users with accounts with Ashley Madison and similar services

You seem remarkably well-informed about such practices ;-)

2
0
Silver badge

Re: "stolen details from more than a billion user accounts"

Pretty sure sky.com switched to yahoo from Google..

They did. I remember supporting my parents' account when Sky transitioned to Yahoo email, and the whole experience was fairly s**t. Then they transitioned to Google a couple of years later...and that experience was also fairly s**t.

1
0

Re: Version 1.0

You are remakably guessy

0
0
Anonymous Coward

Re: Version 1.0

Remarkably.

0
0
Silver badge

I suppose

This must be why my ISP started bringing all the Yahoo! hosted email back in house a few months ago.

If I remember correctly they said it was something to do with improved service or something, but if they said publicly that Yahoo! are fsking hopeless they would probably get sued.

12
0

Re: I suppose

You're not by any chance referring to NZ's Spark, the former NZ Government owned telco?

If a set of outsourced incompetent jokes like Spark, has seen fit to pull the plug on them, then that speaks volumes about how irrelevant Yahoo! really have become.

5
0
Silver badge

It also brings Yahoo!'s acquisition by Verizon into question, as the much smaller September breach prompted questions about whether the purchase price Verizon will pay for the company should be reduced.

Sell? I'd be surprised if they even give the company away at this point. If they offer it to me, they'd have to pay me to take it.

13
0
Anonymous Coward

You should have taken the money, Toombs Jerry

6
0
Silver badge
Paris Hilton

Is this some kind of fishing ground?

This I don't understand. Maybe it's late?

Passwords were hashed using the easy-to-subvert MD5 hash. Reg tech staff, on learning of the breach, say they started using more secure ciphers years before this breach.

Why is Reg tech staff tasked with implementing Yahoo ciphers??

And yes, 10⁹ user accounts sounds more like 10⁹ IoNT (Internet of Needful Things) accounts.

1
0
Anonymous Coward

Re: Is this some kind of fishing ground?

'Reg tech staff' as a substitute for 'experts'.

'they' as a substitute for 'most sensible places' (although they might've meant 'they' to mean 'el reg', but SSL still eludes them so I doubt it)

4
0

I deleted my account months ago...if miscreants got the credentials....they don't work anymore...and any info stored therewith has also changed and is no longer valid. I had different reasons to cancel than security but, for security's sake I am glad I did it.

0
1
Bronze badge

It was hacked in 2013... They only telling us now...

4
1

"I deleted my account months ago..."

Many people reuse the same or similar passwords for other services so even old, unused or deleted Yahoo account info can be used against them. If your Yahoo password was truly unique then no worries.

0
0
Silver badge

"Many people reuse the same or similar passwords for other services so even old, unused or deleted Yahoo account info can be used against them. If your Yahoo password was truly unique then no worries."

Not forgetting the people who used their Yahoo account to sign up to other services which then promptly send you your username/password in a plaintext email, and the same for password resets.

0
0
Silver badge

Yahoo hacked... Cool... right on.

Anything else going on? Maybe a new cat video I'm missing or something?

0
2
Silver badge

Password database

Someone, somewhere now has 1 beeeeeeeeeelion username/password pairs, probably.

I'll bet that my honeypots will give me more stuff.

0
1
Silver badge

Re: Password database

Well, yes, that's true, but they've had the information now for over two years. Anyone affected is most likely already affected. The database value for a breach like this goes down over time.

0
0
Silver badge

Ah!

Ahaha ahahahhahaha ahaahhahahahahhahhahahahhshhahahahhaahhahahahahahahhahahahaahahahahahahahahhhhahahahhahahhaahhaahah

And so forth.

0
2
Silver badge

Over a Billion?

This is like the biggest fish tale I've ever heard.

0
1
Silver badge

When you say "One Billion", is that the American Billion or the proper Billion?

11
2
Silver badge

I believe the author is referring to a milliard, a term that is unambiguous unlike our American cousins "ten gallon hat" scale.

9
1
Anonymous Coward

"When you say "One Billion", is that the American Billion or the proper Billion?"

Not many people in the UK use billion to mean 1e12 these days in formal/official usage

"Historically, the United Kingdom used the long scale billion but since 1974 official UK statistics have used the short scale"

8
0

'When you say "One Billion", is that the American Billion or the proper Billion?'

Like it or not, they are now the same thing.

0
0
Anonymous Coward

Reason?

The reason it was kept quiet was because Ms. Mayer wanted to protect her $58 million severence package when Yahoo manages to sell itself, which they are trying desparetly for past few years.

Ditto Talktalk. Dido doesnt want to let go of her £ 7 million annual package, hence it is always "only a few of our customers" having suffered a hack.

Oh, the power of big business & their friendly media chums !

4
1
Silver badge

Re: Reason?

Oh, the power of big business & their friendly media chums !

And how do you know what you think you know, exactly?

0
2
Silver badge
Trollface

This is awesome

I have forgotten my Yahoo password... Maybe I can find it now?

3
0

Could be worse

Could have a Yahoo account & Talk Talk as your ISP.

0
0
Silver badge

What's impressive is!

That they had one beelion accounts!

0
0
Trollface

1,000,000,000

With one milliard accounts data stolen, Yahoo! breaks a new record that will be hard to beat, congrats!

At last Yahoo! is the best in a category...

2
1

I have an old BT Yahoo email account associated with my landline. If I try to delete the account online, it says it can't be done and I must phone 0845 600 7030 to get BT to do it for me. When I phone that number, they say they can only reset passwords and don't have the ability to delete email accounts. Top notch support from BT again!

3
0
Anonymous Coward

When I worked for ATT it was Yahoo that had to delete the account. ATT didn't even have a phone number for the tech support people to call. Every thing had to be done by email. So it's not BT's fault this time, but Yahoo passing the buck.

0
0
Anonymous Coward

Yahoo having a laugh

I think there is a bet going on, as to WHAT exactly needs to happen at Yahoo to dent the share price....

Someone there reckoned that story about a billion hack accounts MUST affect share price. Others laughed and said it wouldn't....

1
0
Silver badge

The BBC quote "Cyber security expert Troy Hunt" as saying the previous breach knocked $1 Bn off the Verizon sale price, and that this one "will surely impact that valuation even further, not just because of the scale of it, but because it shows a pattern of serious failures on Yahoo's behalf".

http://www.bbc.com/news/world-us-canada-38324527

2
0

Source Code

The Mayer c-suite is bleating that the billion account loss was possibly due to source code theft, the purloiners taking advantage of security holes. Since Yahoo security was poor (despite the good reputation of the 'Paranoids' before they were poached by more astute companies) one has to presume that the Yahoo source code rivals Adobe Flash for security quality. It costs time and money to write secure code, even if the cost is negative on a life cycle basis.

Verizon should probably rewrite the source code at a cost of 100Mil, or maybe 2 or 3 hundred including debugging and roll out to the 20 or 30 remaining Yahoo customers. Alternatively, Verizon could just ape Adobe and not proactively fix problems, just react and wack the moles when they pop up. Yahoo will then die the Flash death of a thousand security patches. Of course, if the price is right, maybe it would be worth it.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing