Yahoo revises number of hacked accounts from 500,000,000 to 3,000,000,000


#1

Originally published at: https://boingboing.net/2017/10/03/phishers-paradise.html


#2

“Every single Yahoo account was compromised by hackers” -Business Insider headline.


#3

Excuse me, has anyone seen my order of magnitude around here ? I seem to have lost it.


#4

I think I last set my Yahoo password to something like “whatafuckingshityjoke”. There are probably hundreds with that.


#5

I think it’s safe to say Yahoo’s overall prospects are on the wane :wink:

What’s a bit concerning is that email in general, like many ‘industries’ , has been subject to massive consolidation. Unless you want to pay for services like hushmail - there aren’t many options left. And that’s where they get you.

If you haven’t already seen why this can be a problem, John Oliver to the rescue!


#6


#7

That’s actually not too bad a password.


#8

yes - it kinda fits the XKCD formula from days of yore:


lol


#9

I might have added a 5 on the end.

I’ve been tempted to run a mail server on a Pi just to see who’d even try to deliver to a no-ip.biz domain on a dynamic IP address. But… making sure that it’s secure would be a problem. Perhaps a test Pi with nothing else, no access to the rest of the LAN, and have another Pi watching it?


#10

My next web app will just have some public spreadsheet where people can enter their names on.


#11

Hah!
I’m not sure what the answer is. Even if you build your own exchange server you are somewhat beholden to Microsoft.

I ran a quick search expecting some smaller nations to provide email/electronic communication services for citizens and came up with nada.

Leaves people trying to funky things with Raspberry Pi - which of course is awesome in its own way.


#12

If our “secret” questions were exposed you’d think Yahoo would make it easy to log into our accounts and see what we used for those questions. I can’t find any method of doing so outside of - maybe - doing a lost password reset.

What utter BS.


#13

can eveyrbody reading this see me now? …hello…what am I doing?


#14

CORY!!! Oh… not Cory? Oh, Yahoo


#15

Running your own mail server almost isn’t an option any more.

I ran one from home, but lots of big email servers wouldn’t accept mail from me - for example I could not send to hotmail or gmail users. They blocked me, because the domain name of my email server (rustybrooks.com) did not match the reverse lookup of my IP address (something-random-dhcp.att.net)

So my choices would then be to rent a dedicated server at Rackspace or something, pay AWS for mail services, or I suppose get a static IP address for home. All of these cost money. Running my own server at home on a fiber service didn’t cost me anything extra except my time.

Oh well. I pay google a buck or two a month to do it for me now.


#16

Well, the odd time I’ve attached a computer directly to the Internet (and it makes me uncomfortable every time I do it), the logs were noting an access attempt every 2-4 seconds.

Didn’t notice much on port 25 (mail), but you are probably in for a lot of hacks attempts if port 22 (ssh) is open. I’d say 20% of the attempts were ssh logins.


#17

500,000,000 to 3,000,000,000

Virtually the same number when you get right down to it.


#18

This is implausible merely because 3 billion Yahoo accounts doesn’t seem very plausible. Maybe just spam accounts? Even back in the day when it was relevant there was competition from hotmail (pre-MS) and altavista.


#19

But the guy at the end of Frequency (the movie not the more recent series) used his time-travelling radio to convince his childhood friend to invest in it! Maybe they weren’t such great friends.


#20