Yahoo! says! hackers! stole! ONE! BEELLION! user! accounts!

Yahoo! says hackers have probably stolen details from more than a billion user accounts, including names, addresses, phone numbers, and weakly hashed passwords in attacks dating back to 2013. Chief information security officer Bob Lord said in a statement that this event is likely a separate haul unrelated to past breaches. " …

  1. Oh Homer
    Big Brother

    This ain't news

    The NSA has been doing this for at least a decade.

  2. Pascal Monett Silver badge
    Trollface

    "stolen details from more than a billion user accounts"

    Phooey. Yahoo! never had a billion accounts.

    Am I really supposed to believe that Yahoo! has had more users than frakkin' Facebook ?

    No way.

    This is just another example of the specifically Yahoo! method of counting things.

    1. Youngone Silver badge

      Re: "stolen details from more than a billion user accounts"

      Yahoo! supplied hosted email services to lots of organisations, my ISP for one.

      See comment below.

      1. Anonymous Coward

        Re: "stolen details from more than a billion user accounts"

        Pretty sure sky.com switched to yahoo from Google..

        1. Hans Neeson-Bumpsadese Silver badge

          Re: "stolen details from more than a billion user accounts"

          > Pretty sure sky.com switched to yahoo from Google..

          They did. I remember supporting my parents' account when Sky transitioned to Yahoo email, and the whole experience was fairly s**t. Then they transitioned to Google a couple of years later...and that experience was also fairly s**t.

    2. Mark 85

      Re: "stolen details from more than a billion user accounts"

      > Phooey. Yahoo! never had a billion accounts.

      Not users but accounts. For way too many years, much like Hotmail, Yahoo was a choice for throw away accounts and also for spammers. So it's very possible. I think I still have about 10 or 12 open throwaways there.

      1. MR J

        Re: "stolen details from more than a billion user accounts"

        I think a lot of the spammers in the past used stolen accounts. At least the majority of spam I had over the years was either from fake names or stolen accounts.

        I have 10 accounts on virgin media (ntlworld) and each one has a use... It's lovely...

        I tried to get a few Yahoo stolen accounts shut down years ago and they told me no.. I know the owners and the owners tried to recover them but Yahoo said they didn't match security checks (lol)... But I got all sorts of spam targeted towards me because I was in their address book. Yahoo might have spent a lot of time over the years stopping some spammers, but I don't think they have done enough to detect brute force theft. I could probably give you a BEELLION! reasons to agree with that last bit.

    3. kain preacher

      Re: "stolen details from more than a billion user accounts"

      This is counting ISPs that use Yahoo for the email

      1. Anonymous Coward

        Re: "stolen details from more than a billion user accounts"

        > ISPs that use Yahoo for the email

        Hurrah for outsourcing.

        .

        .

        And sarcasm.

    4. Version 1.0 Silver badge

      Re: "stolen details from more than a billion user accounts"

      They probably did have that many "accounts" - a lot of times it was easier to open a new account than reset the password. Yahoo was also a favorite email address for users with accounts with Ashley Madison and similar services.

      1. Anonymous Coward

        Re: Version 1.0

        > Yahoo was also a favorite email address for users with accounts with Ashley Madison and similar services

        You seem remarkably well-informed about such practices ;-)

        1. Goopy

          Re: Version 1.0

          You are remakably guessy

          1. Anonymous Coward

            Re: Version 1.0

            Remarkably.

    5. a_yank_lurker

      Re: "stolen details from more than a billion user accounts"

      Key word is accounts. Users can easily have multiple accounts. Also, how many of these accounts were throwaways are even active.

      My rude and crude estimate is that each Putrid Palace user had about 4 or 5 accounts each.

  3. Youngone Silver badge

    I suppose

    This must be why my ISP started bringing all the Yahoo! hosted email back in house a few months ago.

    If I remember correctly they said it was something to do with improved service or something, but if they said publicly that Yahoo! are fsking hopeless they would probably get sued.

    1. Pomgolian

      Re: I suppose

      You're not by any chance referring to NZ's Spark, the former NZ Government owned telco?

      If a set of outsourced incompetent jokes like Spark, has seen fit to pull the plug on them, then that speaks volumes about how irrelevant Yahoo! really have become.

  4. Mark 85

    > It also brings Yahoo!'s acquisition by Verizon into question, as the much smaller September breach prompted questions about whether the purchase price Verizon will pay for the company should be reduced.

    Sell? I'd be surprised if they even give the company away at this point. If they offer it to me, they'd have to pay me to take it.

  5. Anonymous Coward

    You should have taken the money, Toombs Jerry

  6. Destroy All Monsters Silver badge
    Paris Hilton

    Is this some kind of fishing ground?

    This I don't understand. Maybe it's late?

    > Passwords were hashed using the easy-to-subvert MD5 hash. Reg tech staff, on learning of the breach, say they started using more secure ciphers years before this breach.

    Why is Reg tech staff tasked with implementing Yahoo ciphers??

    And yes, 10⁹ user accounts sounds more like 10⁹ IoNT (Internet of Needful Things) accounts.

    1. Anonymous Coward

      Re: Is this some kind of fishing ground?

      'Reg tech staff' as a substitute for 'experts'.

      'they' as a substitute for 'most sensible places' (although they might've meant 'they' to mean 'el reg', but SSL still eludes them so I doubt it)

  7. jonnycando

    I deleted my account months ago...if miscreants got the credentials....they don't work anymore...and any info stored therewith has also changed and is no longer valid. I had different reasons to cancel than security but, for security's sake I am glad I did it.

    1. Planty Bronze badge

      It was hacked in 2013... They only telling us now...

    2. mosw

      "I deleted my account months ago..."

      Many people reuse the same or similar passwords for other services so even old, unused or deleted Yahoo account info can be used against them. If your Yahoo password was truly unique then no worries.

      1. John Brown (no body) Silver badge

        "Many people reuse the same or similar passwords for other services so even old, unused or deleted Yahoo account info can be used against them. If your Yahoo password was truly unique then no worries."

        Not forgetting the people who used their Yahoo account to sign up to other services which then promptly send you your username/password in a plaintext email, and the same for password resets.

  8. Anonymous Coward

    Yahoo hacked... Cool... right on.

    Anything else going on? Maybe a new cat video I'm missing or something?

  9. Anonymous Coward

    Password database

    Someone, somewhere now has 1 beeeeeeeeeelion username/password pairs, probably.

    I'll bet that my honeypots will give me more stuff.

    1. John Brown (no body) Silver badge

      Re: Password database

      Well, yes, that's true, but they've had the information now for over two years. Anyone affected is most likely already affected. The database value for a breach like this goes down over time.

  10. J. R. Hartley

    Ah!

    Ahaha ahahahhahaha ahaahhahahahahhahhahahahhshhahahahhaahhahahahahahahhahahahaahahahahahahahahhhhahahahhahahhaahhaahah

    And so forth.

  11. redpawn

    Over a Billion?

    This is like the biggest fish tale I've ever heard.

  12. wolfetone Silver badge

    When you say "One Billion", is that the American Billion or the proper Billion?

    1. Paul Crawford Silver badge

      I believe the author is referring to a milliard, a term that is unambiguous unlike our American cousins' "ten gallon hat" scale.

    2. Anonymous Coward

      "When you say "One Billion", is that the American Billion or the proper Billion?"

      Not many people in the UK use billion to mean 1e12 these days in formal/official usage

      "Historically, the United Kingdom used the long scale billion but since 1974 official UK statistics have used the short scale"

    3. mosw

      'When you say "One Billion", is that the American Billion or the proper Billion?'

      Like it or not, they are now the same thing.

  13. Anonymous Coward

    Reason?

    The reason it was kept quiet was because Ms. Mayer wanted to protect her $58 million severance package when Yahoo manages to sell itself, which they are trying desperately for the past few years.

    Ditto Talktalk. Dido doesn't want to let go of her £7 million annual package, hence it is always "only a few of our customers" having suffered a hack.

    Oh, the power of big business & their friendly media chums !

    1. Tom Paine

      Re: Reason?

      > Oh, the power of big business & their friendly media chums !

      And how do you know what you think you know, exactly?

  14. chivo243 Silver badge
    Trollface

    This is awesome

    I have forgotten my Yahoo password... Maybe I can find it now?

  15. johnB

    Could be worse

    Could have a Yahoo account & Talk Talk as your ISP.

  16. Florida1920

    What's impressive is!

    That they had one beelion accounts!

  17. Potemkine Silver badge
    Trollface

    1,000,000,000

    With one milliard accounts data stolen, Yahoo! breaks a new record that will be hard to beat, congrats!

    At last Yahoo! is the best in a category...

  18. Handlebar

    I have an old BT Yahoo email account associated with my landline. If I try to delete the account online, it says it can't be done and I must phone 0845 600 7030 to get BT to do it for me. When I phone that number, they say they can only reset passwords and don't have the ability to delete email accounts. Top notch support from BT again!

    1. Anonymous Coward

      When I worked for ATT it was Yahoo that had to delete the account. ATT didn't even have a phone number for the tech support people to call. Everything had to be done by email. So it's not BT's fault this time, but Yahoo passing the buck.

  19. Anonymous Coward

    Yahoo having a laugh

    I think there is a bet going on, as to WHAT exactly needs to happen at Yahoo to dent the share price....

    Someone there reckoned that story about a billion hacked accounts MUST affect share price. Others laughed and said it wouldn't....

  20. Tom Paine

    The BBC quote "Cyber security expert Troy Hunt" as saying the previous breach knocked $1 Bn off the Verizon sale price, and that this one "will surely impact that valuation even further, not just because of the scale of it, but because it shows a pattern of serious failures on Yahoo's behalf".

    http://www.bbc.com/news/world-us-canada-38324527

  21. Speltier

    Source Code

    The Mayer c-suite is bleating that the billion account loss was possibly due to source code theft, the purloiners taking advantage of security holes. Since Yahoo security was poor (despite the good reputation of the 'Paranoids' before they were poached by more astute companies) one has to presume that the Yahoo source code rivals Adobe Flash for security quality. It costs time and money to write secure code, even if the cost is negative on a life cycle basis.

    Verizon should probably rewrite the source code at a cost of 100Mil, or maybe 2 or 3 hundred including debugging and roll out to the 20 or 30 remaining Yahoo customers. Alternatively, Verizon could just ape Adobe and not proactively fix problems, just react and whack the moles when they pop up. Yahoo will then die the Flash death of a thousand security patches. Of course, if the price is right, maybe it would be worth it.
