Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Databases Security Yahoo! Businesses Communications Privacy Social Networks Software The Internet Technology

Yahoo Insiders Believe Hackers Could Have Stolen Over 1 Billion Accounts (businessinsider.com) 125

An anonymous reader quotes a report from Business Insider: The actual tally of stolen user accounts from the hack Yahoo experienced could be much larger than 500 million, according to a former Yahoo executive familiar with its security practices. The former Yahoo insider says the architecture of Yahoo's back-end systems is organized in such a way that the type of breach that was reported would have exposed a much larger group of user account information. To be sure, Yahoo has said that the breach affected at least 500 million users. But the former Yahoo exec estimated the number of accounts that could have potentially been stolen could be anywhere between 1 billion and 3 billion. According to this executive, all of Yahoo's products use one main user database, or UDB, to authenticate users. So people who log into products such as Yahoo Mail, Finance, or Sports all enter their usernames and passwords, which then goes to this one central place to ensure they are legitimate, allowing them access. That database is huge, the executive said. At the time of the hack in 2014, inside were credentials for roughly 700 million to 1 billion active users accessing Yahoo products every month, along with many other inactive accounts that hadn't been deleted. In late 2013, Yahoo CEO Marissa Mayer said the company had 800 million monthly active users globally. It currently has more than 1 billion.
This discussion has been archived. No new comments can be posted.

Yahoo Insiders Believe Hackers Could Have Stolen Over 1 Billion Accounts

Comments Filter:
    • Is that a british Billion or a USA billion?

      Perhaps we can forever rid ourselves of the english language uncertainty over the definition of a billion by renaming the US billion to a "Yahoo".

      • by Anonymous Coward

        Is that a british Billion or a USA billion?

        The so-called "British Billion" you refer to (i.e. 10^12, or a "long" billion) is all but obsolete in the United Kingdom. Nowadays the "short" version used in the US (10^9) is the accepted standard definition of "billion" here too.

      • Is that a british Billion or a USA billion?

        Perhaps we can forever rid ourselves of the english language uncertainty over the definition of a billion by renaming the US billion to a "Yahoo".

        My best attempt at the 1111 then a slash across the 4 for 5. then again for 10 and on till 500 million.

        I'm attempting to access yahoo.com at the moment having a bit of a problem with my password :)

        • >

          I'm attempting to access yahoo.com at the moment having a bit of a problem with my password :)

          Took some time and lots of sms traffic but got in, now I'm just going to delete the account.

  • All of it (Score:3, Insightful)

    by Anonymous Coward on Saturday October 01, 2016 @08:14AM (#52993827)

    Just say they stole all the accounts. It's also simpler to say: "Everyone who's had a yahoo account (and still cares about it) change your passwords now."

    • by gweihir ( 88907 )

      Naaa, that may drive customers away. Oh, wait....

    • by rtb61 ( 674572 )

      So what is the value of the information appropriated, where they stolen, or was there an executive level, golden parachute scheme, what with M&M her M&Ms on the way out, how much could that data access have been sold for, how many millions.

  • by MightyDrunken ( 1171335 ) on Saturday October 01, 2016 @08:27AM (#52993851)

    Unbelievable!

    700 million to 1 billion active users accessing Yahoo products every month

    Oh and the hacking thing.

    • Unbelievable!

      700 million to 1 billion active users accessing Yahoo products every month

      Oh and the hacking thing.

      okay that was funny - mods are asleep at the wheel today.

  • Probably one of the worst CEOs ever, down there with Stephen Elop.
    • by gweihir ( 88907 )

      Well, Charley Fiorina did pretty badly as well, but I guess these alpha-women must outdo each other. Maybe Meg Whitman can get back into the race again if she manages to kill IBM...

      While I know a few quite competent female engineers and scientists, these female CEOs seem to be intent to be much worse than the average male CEO.

  • After having my gmail account hijacked a few years ago, I began using a password generator/storage program on my desktop and changed passwords to unique passords for everything. It's damn hard to remember passwords such as '67zu2tLqWdfaXe6hV6m5,' but nobody is going to stumble upon it.

  • by Shane_Optima ( 4414539 ) on Saturday October 01, 2016 @12:28PM (#52994549) Journal
    So, here is the way to fix this sort of thing using very old, very simple, freely-available tech:

    First, all passwords are hashed with salt on the client. If you want to protect a bad (brute force-able) password, you could use secret salt (i.e. a keyfile) hashing layer separately but for maximum portability known salt (like the base domain, "yahoo.com") should be used. This will protect good passwords from being brute-forced without something on the client being compromised, and offers strong protection for password reuse (regardless of whether or not reuse with different services is ill-advised, it will always happen.)

    Ideally, this needs to happen via a special API call to the browser itself and not by scripting on the website. The browser is already aware of password fields (this is how it offers to remember logins for you) and thus can in principle alert you whenever an insecure passfield field (or whenever 'no legitimate password field') is present. This would prevent all but the most careless users from having a spoofed website discover their plaintext passwords. I would much prefer that the browser itself handle this hashing but even a javascript implementation of client-side hashing would be a huge improvement over the status quo, primarily because the presence of client-side hashing can be easily detected and audited whilst we have to take them at their word if they claim to be doing this all securely on the backend. (And also because a client-side hash reduces the attack surface such that a database breach or HTTPS attack alone is insufficent--with JS client-side hashing, only a successful website spoof that is undetected by the browser would reveal the plaintext password.)

    Next, on the server side, the already client-hashed password is hashed a second time prior to being stored in the database. What does this accomplish? I'm glad you asked! What this means is that a simple read-only database breach does not allow an attacker to log into anyone's account. This is because if they try to use the value stored in the database (post server-hash), it will be hashed a second time prior to being compared to the value in the database, and this second hashing will result in a mismatch. Thus, a successful attack would need to either intercept the pre-server hash value in memory (a much more difficult feat, and one that will only reveal users that log in while the attack is in progress), or they need write permission to the database to overwrite the password, which should sound the alarm in two ways: one by (hopefully) causing database integrity checks to fail, and another by locking users out of their accounts.

    The upside of all of this: Good passwords remain safe to reuse on other websites (so long as everyone uses these standards. Websites and apps refusing to use these standards should be aggressively warned against.) Even with bad passwords, it's much harder for attackers to gain access to accounts, and the number of accounts compromised should be reduced. And the CPU load of doing this hashing should be minimal compared with the overhead that HTTPS already imposes.

    Now tell me, can anyone explain why this isn't happening yet? This sort of thing would allow us to stop insisting that the most important thing users need to do is memorize a different quality password for every single account they have (impossible for most people.) The elbow grease to do this is minimal and with enough of an outcry, we could easily shame these big name companies into adopting these standards.

    (And please, for all you anonymous cowards who want to tell me that hashing with known salt values are useless... go educate yourself on the properties of cryptographically-secure hash algorithms. I don't care about pre-computed rainbow tables. This isn't about protecting weak passwords from brute force attacks. Once offline attacks become possible--which happens whenever a hashed value becomes known, provided the hashing algorithm and salt are both k
    • To clarify: this offers only weak (time-delay) protection for bad passwords. Bad passwords (ones that can be brute forced with offline analysis) would still need to be updated as soon as possible if a database breach happens whilst using this system, but it should still buy some time for people to do this. The only strong protections that can be offered for bad passwords are online delays (which immediately becomes useless once the database is compromised by an attacker) or secondary verification steps (sec
    • Second clarification: A collision attack on the hashing algorithm does present a problem under this scheme, but it is not a problem that results in the plaintext password from being known. The moment a feasible collision attack with known salt becomes known, the server can safeguard themselves by simply change their hashing algorithm and urges all users to log in as soon as possible, but note two things here:

      1. The users do not need to change their password (particularly if it's a strong password, or i
      • The client also needs updating if the client's hashing algorithm is vulnerable to collision attacks, but assuming we're talking about a widely-adopted standard that uses a single service (preferably built into the browser itself), this would be a one time update that (assuming automatic security updates are enabled) wouldn't require special action on the part of the user.
    • by gweihir ( 88907 ) on Saturday October 01, 2016 @01:20PM (#52994773)

      Please do not listen to this person. He is really, really clueless.

      • You are ignorant of simple cryptographic truths and it is very. very sad (because you are definitely not the only one.)

        Go read up on cryptographically secure hashing and explain to me how my system would fail to prevent the attacks I describe.
        • by gweihir ( 88907 )

          You wish. There are no "cryptographic truths" when you implement anything in practice and, implemented in practice, your "solution" makes things worse. That is one of the reasons why basically nobody competent uses your broken scheme.

          But I am not surprised. Amateurs like you think that if you just encrypt right and authenticate right, you are secure. Nothing could be farther from the truth. Crypto is one small building stone in the whole. And no, I am not going to fix your broken idea, I have about 30 year

          • I don't care about terminology quibbles. I've already repeatedly stated elsewhere that I'm not a professional. If you do know anything at all about cryptography, I am assuming that you understood what I mean. Hashing functions can more either more or less secure when it comes to collisions or leaking information about the information being hashed. In my post, I was referring only to the most secure hash functions available.

            The fact is that passwords are being routinely being stored in plaintext and thi
            • by gweihir ( 88907 )

              Get at the very least 10 year professional practical experience with crypto, then come again and complete your theoretical knowledge, because that is as well lacking. You are so clueless it is painful. Application of cryptography is one of the hardest fields in Computer Science, and amateurs cannot contribute because they lack the basic understanding required. Sure, this sounds arrogant, but there is no helping that because it happens to be true. Would you suggest new ways of doing brain-surgery without bei

              • You've yet to give a single concrete criticism of my ideas except that I said "cryptographically secure hash" instead of "iterated hash." You know why I said that? Because I don't KNOW what the most secure hashing method is, the precise details of its operation, or what it is officially named! It's your job to know that shit. You. The alleged professional.

                This is just pitiful. A 5 digit ID and an alleged professional and the best you can do is a hand-waving appeal to your alleged professionalism. You c
                • by gweihir ( 88907 )

                  Fascinating. The only thing you are demonstrating here is a very much over-sized ego. And incidentally, you are not the least bit unique. I have seen a lot of broken crypto designs over the years, yours is just one more.

                  • You've no idea. This isn't about ego at all; I simply enjoy watching people make asses of themselves. Feel free to call me a sadist, if that makes you feel any better.

                    And it turns out, I can do your arguing for you! I found another crypto "expert" that I'm IMing at the moment and just like you he threw a hissy fit at first, but after 45 minutes he was forced to concede every single one of my core claims, while still claiming that it would never work in practice because they would never do it, which isn't
                    • The fact that you think this about ego really says it all. You think that I think that this is some brilliant, complex, end-all and be-all solution. I explicitly said it wasn't. It isn't a credit to my intellect, not in the slightest. It's a 'credit' to yahoo's stupidity that they didn't do this. And it's a credit to yours that you've posted like what, perhaps ten pointlessly hand-waving posts of zero content, arguing that my ideas are broken because you have more than ten years of experience, that's why!
      • People who've modded this up: Please post AC to explain to me why my system would not work. I look forward to clarifying and/or educating you about how hashing works.
      • Alternatively, here is a message to other mods: an absence of such explanation should be indicative of the fact that these naysayers have, in fact, no idea what they are talking about. And so you really should mod me up as informative, not because I need the karma (I don't), but because we really need to raise awareness that these sorts of security breaches could be mitigated and minimized with a trivial amount of effort.

        These extra protections are primarily for those users who have strong passphrases t
        • by gweihir ( 88907 )

          No. They are just fed up with any moron that thinks they can do better than the actual experts. And while there are not many actual experts, there is an endless supply of morons. Hence this argument cannot hold water at all.

          • A thousand dollars if you can back up your bullshit with sound rebuttals. I'm serious.

            Typos and misparsing of sentences from my original very quickly written post do not count--I've already given you multiple clarifications of what I'm intending here and what the benefits would and would not include.
            • by gweihir ( 88907 )

              $1000 buys you about 4 hours of my time. I do not take jobs below 5 days. And I do not take "convince a moron or do not get paid" jobs either.

              Sure, I can tell that you are pretty smart, but what makes you a moron is that you think you are much smarter than you actually are. And that makes you fail at recognizing the actual difficulty-levels of things. To use crypto right you have to be pretty smart _and_ you need a lot of experience. One decade is on the low side and that is after at least a full CS master

              • I don't have to be a car expert to know that you don't want to put your antifreeze-water mixture into the gas tank.

                Provided the summary here is accurate (this was a database leak only and yet accounts that were offline had their login credentials compromised, with no comment about the strength of the passphrase mattering), this is a fuckup of the highest order here and yet you apparently haven't offered a word of technical criticism of it.

                Thus, I think it's reasonable to conclude that you are a trol
              • Pretty sure you've given up at this stage, as you obviously don't have the knowledge or the chops to actually engage me in a debate. I was trained in an extremely technical field and I could and still can debate any point with which I was familiar with anyone, layman or not.

                I don't have the time to give you a good picture of humanity's true nature but I will tell you this: appeals to authority usually mean almost nothing, and I've never underestmated the ability for people to engage in and promote incomp
                • by gweihir ( 88907 )

                  Keep telling that to yourself, eventually you may believe it. Fact of the matter is that it is a complete waste of my time engaging with you. The defects in your design are obvious to anybody with in-depth experience. They are not obvious to you. I cannot fill in your lack of experience.

                  • Hey, it looks like all of your friends around here think I'm wrong because they seem to think that "hash" means a single default invocation of whatever CLI version of sha they have lying around, without any regard whatsoever to the size of input and output.

                    Is that what you thought? Is your brain so ossified that you cannot conceive of the fact that, in the presence of input maximums (which all websites have with the password fields), it is in fact entirely possible to construct a hash algorithm that doe
                  • Or is this a jargon issue? Am I wrong because I didn't say "key derivation function" instead of "hash"? I really don't care. I'm not even going to look it up on wikipedia; I've no desire to learn about the intricacies of your silly little DSL; I don't need to in order to understand that the incompetence of your industry is screwing over millions of people. You know my solution is entirely effective, because it does not decrease security (properly implemented) and unlike server-side stuff is it actually
      • well if he is clueless then prove it. saying hes clueless and not saying why is trollish IMO.
        • Yup. I just offered $1000 to the first person to prove me wrong on my main points here (with some caveats.) I mean it, too.

          I'm not a security professional or even an IT professional; I just understand things. That unfortunately puts me at a disadvantage in these sorts of conversations. The world doesn't need more false modesty. I may not have used the precisely correct or most common terminology, or laid it out in exacting detail with every single sentence double-checked (because this was a 10 minute sla
        • Update: Half a dozen posts later and the best he can come up with is continually criticizing me for not having a CS degree and ten years of experience. A undisguised appeal to his alleged authority and insults... that is literally all he has.

          Oh yes, there's that and he objected to me saying "cryptographically secure hashing" and in his very next post he disparaged me for not mentioning, by name, "iterated hashing" because according to him, non-iterated hashing is insecure. I'll let you connect the dots
          • Well i only seen this if hes following you just ignore or say put up or shut up not much else ya can do. I would have modded him flame bait or troll if i had mod points at the time i didn't so i commented. Too many trolls abuse this site anymore its a damn shame.
      • Nothing? No response at all? How's this then: $1000 to the first one to show how my primary claims here are wrong.

        Before attempting this, please be sure to read all of my clarifications (particularly on the benefits this provides to weak vs. strong passphrases). No reward will be given for typos or any incorrect parsing of individual sentences.
        • by gweihir ( 88907 )

          Hahahaha, funny. Offering a pittance (this will not even buy one of my days as an expert) and no assurance you will pay because, surprise!, you are the judge of what qualifies as proof and you already have demonstrated pretty bad judgment.

          • I'll put it to a slashdot vote. If they vote that you've rebutted the core of my argument (not quibbled over about individual sentences from a hastily written post that was never intended as a doctoral dissertation), you get the money.

            Come on, you old-timer fraud. Put up or shut up. You're either too lazy to read what I've said in detail or you know I'm right and you're continuing on out of stubbornness.
          • by gweihir ( 88907 )

            I just had a second look and realized you do not even seem to have heard about _iterated_ hashing, which is the standard for now > 40 years (UNIX-passwords started it, I think, and at that time they did not even have proper crypto-hashes). And that is already an outdated thing as it is considered not secure enough in an age where graphics-cards get ever more powerful. I am sure you have not heard of things like Argon2 (that fix iterated hashing) either.

            So, seriously, how incompetent can you get? Talk abo

            • I proposed a fix for an existing problem. You said my fix was broken.

              If you, the alleged professional, want to improve on my fix then I'm sure you could. That does not change the fact that my fix is in fact a fix that is objectively superior to the way these assholes are currently conducting things. And it doesn't change the fact that my fix is not actually broken, merely that it requires fleshing out.

              And I never said it didn't. This was obviously a 5000 foot proof of concept thing that I literally bas
            • Also, as I stated in one of my early clarification posts, by "cryptographically secure hash" I was referring to the most secure hashing functions available regarding leakage or collisions. If the most secure hashing function is a form of iterated hashing than that's the one I was referring to.

              This is like me criticizing someone for using a longhaired Chihuahua as an attack dog, and your response is that I'm a moron and my suggestion is "broken" because that's really a Pomeranian, not a Chihuahua. Congr
    • A comprehensive clarification of where I stand and what I claim can be found here: https://slashdot.org/comments.... [slashdot.org]

      I don't doubt that this is well-tread ground. I never claimed to be an expert. So, whatever existing product there may be accomplishes the same basic goals as my scheme--use that instead. My overarching point is that he status quo is not acceptable and that some form of client-side hashing (or pseudo-hashing) must be present to mitigate the potential incompetence of people running the ser [slashdot.org]
  • I don't believe a word of it. If it were true, they would lie and say something else. Their only reason for announcing this is to manipulate the public opinion and to cover their corporate asses and branding. The fact is, if they announce a billion stolen passwords then I guess we no longer can accuse Yahoo of selling them, or the rest of the data mine that goes with it. And Verizon can't be blamed either, they never had control of the treasure. The timing of this announcement, to a degree of truthine

  • How many mail accounts does Yahoo have?

    That's how many were compromised.

  • IANAL, so, any around? How about a million small claims? Think Crypto Wars here: FBI's Comey said that they were waiting till next year for an "adult conversation about encryption" after collecting data this year. Collecting data? How 'bout a data point like: Poor Security = Enormous Financial Consequences. Fast. Did Yahoo encrypt everything, every connection? Could encrypting everything have been part of a comprehensive security plan? *I* didn't have a Yahoo account ;-) but if I did I think I just m

White dwarf seeks red giant for binary relationship.

Working...