Yahoo! accounts hacked... two years ago!

[Deozaan]

Yahoo just announced yesterday about this hack that took place 2 years ago:

Yahoo announced on Thursday that the account information of at least 500 million users was stolen by hackers two years ago, in the biggest known intrusion of one company’s computer network.

In a statement, Yahoo said user information — including names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions — was compromised in 2014 by what it believed was a “state-sponsored actor.”

-http://www.nytimes.com/2016/09/23/technology/yahoo-hackers.html

from New York Times

[Deozaan]

I just saw that this was mentioned in this other thread:

The Hostile Email Landscape

[Deozaan]

Ugh...

I just went to change my Yahoo account password and used a password generator to generate a very long password. I entered it into the "new password" and "confirm password" fields and thought it looked a lot shorter than the one I generated.

It turns out that they truncate it to 32 characters without telling you.

Why are companies so inept at allowing people to use secure passwords?

[Shades]

Their name actually says it all...they are just a bunch of yahoos.

If y! indicates that the max length of a password is 32 characters it wouldn't be such a big deal. A password of 32 characters will take quite some time to brute-force (assuming they take precautions such as hashing and salting). But I am not surprised if they don't mention this limit. For a company that has/had so much to do with communicating, they sure don't do enough of that themselves.

y! sure has fallen...