|
Ogla



Registered: 02/16/04
Posts: 11,315
|
yahoo email breach
#23941966 - 12/19/16 11:02 PM (7 years, 1 month ago) |
|
|
Hey all. to those using yahoo, are yall worried about the breach? got this email a few days ago.
Quote:
Dear Freddy,
We are writing to inform you about a data security issue that may involve your Yahoo account information. We have taken steps to secure your account and are working closely with law enforcement.
What Happened?
Law enforcement provided Yahoo in November 2016 with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts, including yours. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.
What Information Was Involved?
The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. Not all of these data elements may have been present for your account. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system we believe was affected.
What We Are Doing
We are taking action to protect our users:
We are requiring potentially affected users to change their passwords. We invalidated unencrypted security questions and answers so that they cannot be used to access an account. We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts.
What You Can Do
We encourage you to follow these security recommendations:
Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account. Review all of your accounts for suspicious activity. Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information. Avoid clicking on links or downloading attachments from suspicious emails.
Additionally, please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.
For More Information
For more information about this issue and our security resources, please visit the Yahoo Security Issues FAQs page available at https://yahoo.com/security-update.
Protecting your information is important to us and we work continuously to strengthen our defenses.
Sincerely,
Bob Lord Chief Information Security Officer Yahoo
ive changed my password a few time since 2013, just dont know how to change the security questions. what yall think?
|
Repertoire89
Cat



Registered: 11/15/12
Posts: 21,773
|
Re: yahoo email breach [Re: Ogla]
#23941975 - 12/19/16 11:04 PM (7 years, 1 month ago) |
|
|
Respond with dick pics
|
Californian


Registered: 12/13/14
Posts: 81
Last seen: 1 month, 8 days
|
|
...August 2013...
Hard to believe, isn't it. I've had multiple accounts (not yahoo) compromised suspiciously over the past few years (Steam, Battle.net, uber). I highly suspect that the yahoo breach was associated with the events since all of the accounts were registered through the same email address.
I find it hard to trust online companies... they all get breached it seems. Makes me wonder about the shroomery now.... Lots of incriminating info floating around here. Would be a shame for that to get into the wrong hands. Hell, the "acronyms" probably already have their tentacles in this site.
The DEA cracked the guy from Silk Road from his posting history here on the shroomery (though they just used publicly shared information on that one).
|
sh4d0ws
LSx


Registered: 02/26/08
Posts: 12,086
|
|
There was a time period if I recall where Ythan felt shroomery could have been susceptible to a breach, but there was no evidence of any, they just found a problem and then fixed it.
I don't know much more about it but I remember getting the memo for us to change our passwords.
Might have only had to do with account info, though I am not sure.
The yahoo thing is sketchy but I haven't had a yahoo account in a long time. Still worrisome that even major companies like that seem to get breached online.
|
danielx
whatup!


Registered: 10/13/08
Posts: 6,500
|
Re: yahoo email breach [Re: Ogla]
#23942090 - 12/19/16 11:59 PM (7 years, 1 month ago) |
|
|
yahoo, LOL. Grandma, is that you?
-------------------- Long live kratom
|
demiu5
humans, lol


Registered: 08/18/05
Posts: 43,948
Loc: the popcorn stadium
|
|
Quote:
Californian said: The DEA cracked the guy from Silk Road from his posting history here on the shroomery (though they just used publicly shared information on that one).
link?
-------------------- channel your inner Larry David
|
Ogla



Registered: 02/16/04
Posts: 11,315
|
|
Quote:
Californian said: ...August 2013...
Hard to believe, isn't it. I've had multiple accounts (not yahoo) compromised suspiciously over the past few years (Steam, Battle.net, uber). I highly suspect that the yahoo breach was associated with the events since all of the accounts were registered through the same email address.
I find it hard to trust online companies... they all get breached it seems. Makes me wonder about the shroomery now.... Lots of incriminating info floating around here. Would be a shame for that to get into the wrong hands. Hell, the "acronyms" probably already have their tentacles in this site.
The DEA cracked the guy from Silk Road from his posting history here on the shroomery (though they just used publicly shared information on that one).
are you suggesting that prehaps law enforcement may be the breachers. Ive had my account since i was a youngen and use it for everything. the email says that bank accounts and card numbers are the target. Mostly im thinking its been so long that theres probably not much to worry about. Also, my gmail receives a message whenever the password is changed or someone tries logging into my yahoo. I forget the number of breached accounts, but like 5 million or something
|
Californian


Registered: 12/13/14
Posts: 81
Last seen: 1 month, 8 days
|
Re: yahoo email breach [Re: danielx]
#23942114 - 12/20/16 12:14 AM (7 years, 1 month ago) |
|
|
I gave my email address to someone and they literally laughed at me when I told them it was a yahoo.com. I guess I'm just not one of those bandwagoners who switched over to gmail back when I guess we all were supposed to.
At least it's not an aol account. Now that would either be embarrassing, or the hallmark of someone who is appreciative and hanging on to jewel of internet history.
|
Californian


Registered: 12/13/14
Posts: 81
Last seen: 1 month, 8 days
|
Re: yahoo email breach [Re: demiu5]
#23942117 - 12/20/16 12:15 AM (7 years, 1 month ago) |
|
|
Quote:
demiu5 said:
Quote:
Californian said: The DEA cracked the guy from Silk Road from his posting history here on the shroomery (though they just used publicly shared information on that one).
link?
I heard about it in this youtube video. The guy was exposing the vulnerabilities of using tor browser. Kindofa long watch if I recall.
t=19m14s
|
Repertoire89
Cat



Registered: 11/15/12
Posts: 21,773
|
|
Yahoo has 800 million accounts doesnt it?
So if you account for bots that makes about 30 users
|
Californian


Registered: 12/13/14
Posts: 81
Last seen: 1 month, 8 days
|
Re: yahoo email breach [Re: Ogla]
#23942129 - 12/20/16 12:19 AM (7 years, 1 month ago) |
|
|
Quote:
losfreddy said:
are you suggesting that prehaps law enforcement may be the breachers...
Not in the yahoo case, but I get suspicious on sites like shroomery. Not that I don't trust the guys. I'm very naive to internet security, so I have basically zero credibility with regards to things like this.
BTW, losfreddy, I love your profile pic. It's very cool. Did you make the collage yourself?
|
sh4d0ws
LSx


Registered: 02/26/08
Posts: 12,086
|
Re: yahoo email breach [Re: demiu5]
#23942135 - 12/20/16 12:24 AM (7 years, 1 month ago) |
|
|
Quote:
demiu5 said:
Quote:
Californian said: The DEA cracked the guy from Silk Road from his posting history here on the shroomery (though they just used publicly shared information on that one).
link?
that has nothing to do with how he got caught, however it is true that he did post about the silk road here on the shroomery one time, in an attempt to bring customers to his market
|
Californian


Registered: 12/13/14
Posts: 81
Last seen: 1 month, 8 days
|
Re: yahoo email breach [Re: sh4d0ws]
#23942149 - 12/20/16 12:33 AM (7 years, 1 month ago) |
|
|
Quote:
sh4d0ws said:
Quote:
demiu5 said:
Quote:
Californian said: The DEA cracked the guy from Silk Road from his posting history here on the shroomery (though they just used publicly shared information on that one).
link?
that has nothing to do with how he got caught, however it is true that he did post about the silk road here on the shroomery one time, in an attempt to bring customers to his market
I'd watch the video again. It provided a direct clue that got him caught. Also for the record, his post can still be found here. https://www.shroomery.org/forums/showflat.php/Number/13860995
See the last comment.
Quote:
In the section of the indictment outlining how the link between Ulbricht and Dread Pirate Roberts was established, Tarbell detailed how an FBI expert codenamed Agent-1 had located an early online mention of Silk Road dating to January 27, 2011, when a user under the handle "Altoid" made a post on a forum for users of magic mushrooms.
"I came across this website called Silk Road," wrote Altoid, in a post which linked to the site. "I'm thinking of buying off it... Let me know what you think."
Two days later, someone using the handle "Altoid" made a similar post on a forum called Bitcoin Talk, recommending Silk Road and providing a link. "Has anyone seen Silk Road yet? It's kind of like an anonymous Amazon.com. I don't think they have heroin on there, but they are selling other stuff," it read.
The posts, said Tarbell, were an attempt to drum up interest in Silk Road, employing the online marketing tactic of "astroturfing."
Investigators were given a major break when, eight months later, "Altoid" made another posting on Bitcoin Talk, stating he was looking for "an IT pro in the Bitcoin community" to hire in connection with "a venture backed Bitcoin startup company." The posting asked interested parties to contact rossulbricht@gmail.com.
If that doesn't spell it all out for you, then I dont know what possibly could. He got caught because he posted information on public forms that was directly linked to his personal information. The investigation started right here on the shroomery. If it wasn't for his silly mistake in reusing the account name "altoid" and including his REAL NAME as the email address associated with the account "altoid" on bitcoin talk, the investigators probably would have taken much longer to crack the mystery.
It's surprising to find out that anybody with an internet connection and some creativity could have come to the same conclusion as to who founded the website.
|
Repertoire89
Cat



Registered: 11/15/12
Posts: 21,773
|
|
Long liveth the Dread Pirate
|
LogicaL Chaos
Ascension Energy & Alien UFOs




Registered: 05/12/07
Posts: 69,369
Loc: The Inexpressible...
Last seen: 33 seconds
|
|
If u have sensitive info then i would be scared for sure.
Have u asked the email guy on how to change yer security questions?
|
|