Yahoo tell me that they got pwn'd back in '14

Xharlie on 23 Sep 2016

I received the following email from Yahoo, this morning, confirming my suspicion that I once did have a Yahoo account - I think you needed it for Flickr, back in the day...

> A recent investigation by Yahoo has confirmed that a copy of certain user account information was stolen from our systems in late 2014 by what we believe is a state-sponsored actor. We are closely coordinating with law enforcement on this matter and working diligently to protect you.

There are a few things that are alarming, here:

Firstly, they are telling me that they got pwn'd in late 2014. How is this useful information? If anyone stole account information two years ago, they have surely used it by now and any possible damage would be done already?

Secondly, they're blaming a "state-sponsored actor". Yahoo are about as big and corporate as you get - they're not some individual hiding out in an embassy or airport or foreign country or some "l33t" hacker group named Anonymous.

Personally, I am not concerned. I use a throw-away password for any sites that aren't important and a dedicated password for those that are, different for every site. At Yahoo, anyone would have got the throw-away one and, at worst, they could probably hack my Flickr (unused in about 10 years) and UKC forums account.

But it does rather confirm my suspicions about government-scale cracking efforts... Take off those beanies and grab your Tin-foil hats!

Oh... and any posts I make that receive more dislikes than likes are certainly not actually from me - they were written by whichever state stole my throw-away password and is now impersonating me in a cruel smear campaign.

EDIT: Here's El Reg weighing in on the topic: http://www.theregister.co.uk/2016/09/22/yahoo_500m_email_accounts_hacked/
Post edited at 11:20
pec on 23 Sep 2016
In reply to Xharlie:

> Oh... and any posts I make that receive more dislikes than likes are certainly not actually from me - they were written by whichever state stole my throw-away password and is now impersonating me in a cruel smear campaign.

That explains your post on the Special Snowflakes thread ;-)


Oceanrower - on 23 Sep 2016
In reply to Xharlie:

Sorry, but I don't understand. What is this "pwn'd" that you speak of?
KevinD - on 23 Sep 2016
In reply to Oceanrower:

> Sorry, but I don't understand. What is this "pwn'd" that you speak of?

It's where a pawn becomes a knight instead of a queen.

I think there should be a requirement for any company compromised to admit to it as soon as is feasible, allowing some time for investigation.
captain paranoia - on 24 Sep 2016
In reply to KevinD:

They only recently discovered the hack. Or so they say...

Oh, and unsurprisingly, the state in question is allegedly China, and the "don't worry" argument is based on the argument that they did it to access internal 'dissidents'.
Post edited at 00:57
