In a statement published recently in an update about the 2013 breach, Yahoo has now confirmed that every single one of the 3 billion odd accounts registered with them in 2013 were compromised.
This was the discovery of an unnamed security consultant.
“We recently obtained additional information and, after analyzing it with the assistance of outside forensic experts, we have identified additional user accounts that were affected,” Yahoo officials wrote in the update. “Based on an analysis of the information with the assistance of outside forensic experts, Yahoo has determined that all accounts that existed at the time of the August 2013 theft were likely affected.”
Passwords were stored as weak MD5 algorithm hashes.
In 2017, MD5 and cleartext are essentially equivalent due to the ease of cracking MD5, meaning that anyone with a copy of the Yahoo data has likely deciphered just about every single password.
Hmmm, while I’m glad that I deleted my Yahoo account more than a decade ago, my mum still uses it. I’m going to try to convince her to change email service provider. Any suggestions?
That would only matter if the person hasn’t changed their password in 4 years. I have two Yahoo accounts and have changed the password multiple times since and have 0 concern.
Wouldn’t these ones also be somewhat useless if it’s the policies that you’re after? These were passes from 2013 and policies have probably improved. Also, aren’t most Yahoo accounts old accounts that existed way back in the day?
Pardon the noob questions. I don’t really know much about this field.
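On the opening post's point that MD5 password hashes are weak: the following is an added example, not part of the original thread and not Yahoo's code, showing password storage with salted scrypt and an upgrade of legacy unsalted MD5 records at the next successful login. The record format, function names and cost parameters are assumptions made for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# scrypt cost parameters (assumed for this example; tune to your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def legacy_md5(password: str) -> str:
    """Unsalted MD5: fast to compute, and equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def scrypt_record(password: str, salt: bytes | None = None) -> str:
    """Return 'scrypt$<salt hex>$<hash hex>' with a per-user random salt."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> tuple[bool, str]:
    """Check a password; return (ok, record_to_store).

    A legacy MD5 record that verifies is replaced by a scrypt record,
    so the weak hash disappears from the database after the next login.
    """
    if record.startswith("scrypt$"):
        _, salt_hex, _ = record.split("$")
        candidate = scrypt_record(password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(candidate, record), record
    # Legacy path: the record is a bare MD5 hex digest.
    if hmac.compare_digest(legacy_md5(password), record):
        return True, scrypt_record(password)
    return False, record


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    db = {"alice": legacy_md5("hunter2"), "bob": legacy_md5("hunter2")}
    print("MD5 records identical:", db["alice"] == db["bob"])
    for user in db:
        ok, db[user] = verify("hunter2", db[user])
    print("scrypt records identical:", db["alice"] == db["bob"])
```

Accounts that never log in again keep their MD5 record under this scheme, so those still need a forced reset or removal of the old hash.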