PSA: Yahoo Hacked in 2014

Discussion in 'Community Discussion' started by Aikar, Sep 22, 2016.

  1. 1. Minecraft main account (_cTJ_) was hacked

    2. Yahoo account is about to be hacked

    3. Next up, what, YouTube? Twitter? Instagram?
  2. I am not sure my minecraft account will be hacked anytime soon, I don't know the password myself. Glad to see you are warning the community :)
  3. This hasn't been mentioned:

    If you are able to - set up 2 factor authentication.

    If you don't have a phone, some sites may allow you to use an authentication app (like WinAuth)
    This allows for the app to get a random generated code (usually 6 characters) that resets every few seconds
    Put this into the login system before it is re-generated to login.

    If you 'do' have a phone - you may set up 2 factor authentication with yahoo:
    They will call your phone, text your phone, or set up a mobile access using temporary alternative passwords
  4. You haven't typed in an email that was affected by a breach then. A random email that doesn't exist will obviously say that it hasn't been leaked since it doesn't exist.

    All it does is searches a database for emails that are known to have been leaked
  5. Patr1cV, TromboneSteve and no_thing like this.
  6. That's why we switched back 2 years ago... I thought it was a typo in the title. :p
  7. I knew Verizon shouldn't have bought this crap. Come on Verizon! You should know better!


    Disclosure : Long VZ anyway.
  8. Who uses yahoo? seriously.
    legoace61 likes this.
  9. Just typed in my email to that site and it looks like some mcpe server I used a long time ago had 7 million accounts stolen :p my password was so dumb I can't even remember it. Hope they enjoy my account on some pocket edition server I haven't used in 2 years :D
  10. wait... yahoo is still relevant? I thought it was pretty much dead. Alright then.
  11. The scary thing is the data they took, “unencrypted security questions and answers”. I had a Yahoo account back in the day which I have not the slightest idea what my username was or what email I associated with it (likely WH40k related username), so I am not in the least bothered about any of that but the security questions are still relevant. My first pet is still my first pet, my mothers maiden name hasn't changed and I wasn't born in a different hospital in the intervening years. These security questions could be used to gain access to other accounts.
  12. This is also why I never answer those questions truthfully and why I also professionally suggest not to do so. Make something up and store it somewhere safe, just like your password.

    The problem, especially for those who are active on social media is when you answer those questions truthfully then they can be traced back to you. So when someone starts digging into your publically shared data then they may uncover much more relevant info than you want. And the rest might be traceable through other sources (birth registration for example).

    Of course the depth of the risk depends on how they're using those questions. Mojang for example does a good job in my opinion: you provide a password and only when they notice that you're from another location do they use those questions.

    But a little paranoia on the Innernets goes a long way!
    Pab10S, JesusPower2 and TromboneSteve like this.
  13. ok, to be fair, i got a hemmy down account from my mom and even then i dont use it anymore lol
  14. Same. Also, because companies share information about their users.

    And also, there is awareness of hackers stealing data...but seemingly not much awareness of employee theft of data. Internal data theft is not new. Probably just hear less about it because it's not counted as a security breach.
  15. Dumb question alert:
    Does this affect the btinternet email strand of yahoo or just the @yahoo.com email?
    also is there a way to see if your account was breached? lol most companys that are hacked have a website where when they are hacked you put your email in and they see if your email and password was breached :p
  16. There is a page to find out if your BT email is a yahoo service here. If it is you can get advice from BT here.
    607 and ShelLuser like this.
  17. thanks apparently I'm on a btmail and not bt yahoo phew!