1.7 Billion and Counting

UPDATE:  Some people are suggesting that you cancel your Yahoo account immediately.  This is likely a really bad idea.  If you cancel the account, someone else may be able to open an account with the same name.  If they do, they will be able to send emails that appear to be from you and they will also be able to receive emails sent to you.

Instead, what you want to do is delete all the content (emails, contacts, calendar items, etc.) from your Yahoo account, change the password and add two factor authentication.

Periodically, log into the account to see who is still sending email to that address and redirect them to your new account and delete the mail.  Over time, you will be able to do this less frequently.

But, DO NOT delete the account.  It’s free, after all – you won’t save any money by deleting it and it will just make you more vulnerable.

No, it is not the number of hamburgers McDonald’s served yesterday.  It is the number of identities stored by Yahoo that they have admitted have already been compromised.

Today Yahoo said that in a different hack than the 500 million identities admitted recently, which they said was different than the 200 million identities hacked earlier, they are adding to that another MORE THAN 1 billion identities hacked by “an unidentified third party” in August 2013.

Information taken in this hack includle names, emails, phone numbers, birth dates, passwords, security questions and security answers.  Some of the data was likely encrypted.  The company does not BELIEVE credit card information was taken.

If I was Marissa Mayer, I would hide in a closet right now.

This hack was discovered as part of the investigation of the small 500 million identity hack in 2014.

I do believe that Yahoo will get the prize out of this one for the largest number of userids ever hacked in one attack.  EVER!

If one were a reasonable person one might ask why did it take three plus years to disclose this.  Reasonable question.

Rumor had it, after the 500 million user hack, Verizon wanted to reduce the price of it’s bid by $1 billion and create a slush fund of another $1 billion to deal with costs of the breach.  There are already dozens of lawsuits filed.

While these lawsuits are super annoying, they are going to be hard to win because people are going to have to show how they were actually harmed.

From the Verizon side, does it make sense just to cut your losses and move on?

Or do you try and buy it for, say, $1 billion instead of almost $5 billion?  It is clear that it is unlikely that Yahoo will have many other suitors any time soon.

It is also unclear how long Marissa Mayer can hang on.

Yahoo recommends changing your password, but it is not clear how to deal with compromised security question answers.  If you answered that your mother’s maiden name is Smith, that is hard to change.  This is why I recommend lieing on those questions.  If your mother’s maiden name was Smith, say it was Jones.  Or Cucumber.  The answer doesn’t really matter as long as you can remember it.

Information for this post came from BBC News.

[TAG:BREACH]

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code