# Yahoo Mail Data Breach



## newfoundlander61 (Feb 6, 2011)

I got an email from yahoo today regarding a data breach that occurred. If you have a yahoo mail account change your password regardless to make sure. Only posting as some people may have a yahoo mail account and like me only use it from time to time and may not be aware of this.


----------



## carverman (Nov 8, 2010)

newfoundlander61 said:


> I got an email from yahoo today regarding a data breach that occurred. If you have a yahoo mail account change your password regardless to make sure. Only posting as some people may have a yahoo mail account and like me only use it from time to time and may not be aware of this.


Yup, I'm aware of it. It was also on the news. Common occurance these days. 




> Yahoo has identified data security issues concerning certain Yahoo user accounts. Yahoo has taken steps to secure user accounts and is working closely with law enforcement.
> 
> Below are FAQs containing details about these issues and steps users can take to help protect their accounts.
> 
> For information about the data security issue the company disclosed on September 22, 2016, click here.





> For potentially affected accounts, *the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers*.
> 
> The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information.
> Payment card data and bank account information are not stored in the system the company believes was affected.


Watch out for *phishing emails* now...delete any emails unless you are absolutely sure you know WHO and WHERE these are coming from. Don't open them.

heres what YAHOO is telling you to protect yourself:


> We encourage all of our users to follow these security recommendations:
> 
> Change your password and security questions and answers for any other accounts on which you use the same or similar information used for your Yahoo Account.
> 
> ...


----------



## Beaver101 (Nov 14, 2011)

^And the stupid thing is they keep asking you for other email accounts and/or cell # in teh event you "forgot" your password. Also, it seems new email accounts set up now requires a mobile # - wouldn't this leave a potential opportunity to compromise your cell phone? Duh ...


----------



## carverman (Nov 8, 2010)

Beaver101 said:


> ^And the stupid thing is *they keep asking you for other email accounts and/or cell # in teh event you "forgot" your password.*
> 
> Also, it seems *new email accounts set up now requires a mobile #* - wouldn't this leave a potential opportunity to compromise your cell phone? Duh ...


Well that is pretty much standard with these free email accounts, Beav.

I have two email accounts, but Yahoo.ca is not my primary account, just a backup in case the other one is compromised..(which hasn't happened yet). (knock on wood somewhere). 

I changed my PW yesterday and they sent me a confirmation code to my cell, (which isn't always turned on to save battery), it's my backup phone since my primary home phone is VOIP internet..and hasn't always worked 100% of the time. So if I have to call my ISP for support, at least I have a way of calling them if their internet
isn't working.

I don't think I would have any problems discriminating phoney/phishing emails or strange messages on my cell phone that Yahoo knows the number. I generally use it for outgoing calls and only answer numbers that
I know for certain are friends and family..everyone calling me may not get an answer as there is no voicemail
for them to leave a voice message..only a text message. 

I just find it so exasperating that Yahoo doesn't have better intrusion protection on their servers.
maybe Putin and the Russians got into Yahoo...as the CIA claim they hacked Hilliary's election servers to stop the votes
from coming in.

These days, you can't be too safe on the internet..cybercrime can hack just about any server which may even have
your credit card info.


----------



## Beaver101 (Nov 14, 2011)

^ If Yahoo doesn't get this problem fixed, then I say good luck to Ms. Mayer's job selling Yahoo to Verizons along with these https://www.thestar.com/business/2016/12/16/yahoo-faces-proposed-canadian-class-action-over-data-breach.html


----------



## carverman (Nov 8, 2010)

Beaver101 said:


> ^ If Yahoo doesn't get this problem fixed, then I say good luck to Ms. Mayer's job selling Yahoo to Verizons along with these


From the Star URL: 


> “She's been using her Yahoo email account as her *exclusive email system,*” lawyer Ted Charney said in an interview. “So, essentially, she's at risk for someone having access to all of her emails and everything she's done with her email account for a couple of years.”


Very naive of internet users to only have ONE EMAIL ADDRESS..that's the same as putting your 'eggs all in
one basket'. As a minimum you should have TWO email accounts on/with DIFFERENT email providers.
I don't use My Yahoo account because it has a lot of spam on it and a I've had a few phishing emails
pretending to be the real thing. I just delete, delete and delete.

Yahoo.com and probably it's Canadian version (Yahoo.ca) has some serious deficiences and is very
susceptible to hackers.
*hacked 3 years ago and they didn't heighten security:*


> informing her that her information was part of a hack of its servers — in *2013*


*then in 2014 again:*


> their account information had been stolen from its network in a cyberattack in late 2014
> Further, Yahoo! reported that the late 2014 breach likely used manufactured web cookies to falsify login credentials, allowing hackers to gain access to any account without a password.
> 
> Yahoo! has been criticized for their late disclosure of the breaches and their lax security measures, and it is currently facing several lawsuits and investigation by members of the United States Congress. The breaches have also put into question Verizon Communications's July 2016 plans to acquire Yahoo! for about $4.8 billion.


didn't see the mention of 2015, but maybe it was hacked last year too, I would suspect..easy pickins'. 



> discovered evidence of this latest breach from a *darkweb seller offering a list of more than one billion Yahoo! accounts for about $300,000 in August 2015*.


*then in 2016:*



> responsible for the data theft the company disclosed on *Sept. 22, 2016",*


Yahoo sale to Verizon...I think Yahoo has blown that one. I can see a lot of users leaving Yahoo after the
class action suit is finished. it's a second rate email service with inadequate security against hackers. 

read all about it on wiki...
https://en.wikipedia.org/wiki/Yahoo!_data_breaches


----------



## Beaver101 (Nov 14, 2011)

carverman said:


> From the Star URL:
> 
> Very naive of internet users to only have ONE EMAIL ADDRESS..that's the same as putting your 'eggs all in
> one basket'. ...


 ... that's no different from users of FB and all those self promotions for the rest of the world to know ... :encouragement:


----------



## carverman (Nov 8, 2010)

Beaver101 said:


> ... that's no different from users of FB and all those self promotions for the rest of the world to know ... :encouragement:


I don't use social media (FB/Twitter etc). In fact, CMF is my ONLY social forum because there is some good information on it besides investing as well as a lot of "chaff". 

Social media can be a good thing as it allows the individual to reach out to others, but it can also be a bad thing when stupid individuals (ie: teenagers posting inappropriate pictures of themselves or others on the FB). 

This goes to show that there are lots of immature individuals are out there using the latest technology and clueless on the impact of their actions using social media.

As soon as we get internet access, unfortunately, we expose some of private information for ANYONE on the internet to discover and use. 

This also goes for email addresses which can be used by cybercriminals for nefarious purposes. As an internet user you need to be on guard at all times.... that sooner or later , someone will attempt to hack into your computer looking for any useful information to steal. Nobody is safe these days.

You have to arm yourself with the latest virus and anti-hacking tools to try to reduce the possibibilty of that happening.

Getting a free mailbox service is great, but if you are not directly paying for that service,
you also have to accept the possibility that sooner or later, the email server could get hacked.
Then all your personal information stored on it, (even if you don't use your real name or address) will be available for the cybercriminals to sell to other criminal organizations. 

Just remember that on the internet, YOU CAN BE ANYONE Y0U WANT TO BE..and assume their identity.


----------



## Beaver101 (Nov 14, 2011)

^ So who do you really want to be on the internet?


----------

