Thanks Yahoo. Glad you're on top of things



  • A long time ago, I created a Yahoo account. I don't even remember why and haven't logged in since who-knows-when. This morning I received an email, sent to a Gmail account that I set up long ago specifically for those times when I don't want to give someone my real email address.

    (emphasis added by me)

    We are writing to inform you about a data security issue that may involve your Yahoo account information. We have taken steps to secure your account and are working closely with law enforcement.

    What Happened?

    Law enforcement provided Yahoo in November 2016 with data files that a third party claimed was Yahoo user data. We analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, we believe an unauthorized third party, in August 2013, stole data associated with a broader set of user accounts, including yours. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.


  • Discourse touched me in a no-no place

    Hey, it's all good! It was only practically their entire user base:

    Why yes, they're criminally incompetent imbeciles. Why do you ask?



  • @lolwhat said in Thanks Yahoo. Glad you're on top of things:

    Hey, it's all good! It was only practically their entire user base:

    Why yes, they're criminally incompetent imbeciles. Why do you ask?

    Man, I hope that all of the news got the information from a heavily accented dude who actually said "one Brazilian accounts".


  • Discourse touched me in a no-no place

    @Sumireko That reminds me of a joke

    Donald Rumsfeld is giving the president [George W. Bush] his daily briefing. He concludes by saying: 'Yesterday, 3 Brazilian soldiers were killed'. 'OH NO!' the President exclaims. 'That's terrible!'

    His staff are stunned at this display of emotion, they watch nervously as the President sits, head in hands.
    Finally, the President looks up and asks, 'How many is a brazillion?'


  • area_can

    Thank goodness my !yahoo¡ password is something stupid and unique and I only use it for flickr



  • Looks like I only lost one Yahoo account. I had the same name at all their domains reserved, and one of them was asking me security questions that don't make sense (What's your youngest child's middle name? I have no children...).

    I did find some kind of rate-limiting on enabling two-factor authentication, and I only found it because I mis-clicked and turned it off right after enabling it (Yay insta-submit web forms!). It won't let me re-enable two-factor auth until tomorrow. :facepalm:

    I also found out that the Android email app requires you to put your password in twice, one for outgoing, one for incoming. Why would those ever be different? And why would they put the "Done" button up by the first password field and not give you any indication that you need to scroll past the "Done" button and fill out a second password field with the same password? :facepalm:



  • This isn't newsworthy at all.

    Mainly because Yahoo ALREADY lost billions of account credentials.


  • Impossible Mission Players - A

    @mott555 said in Thanks Yahoo. Glad you're on top of things:

    I also found out that the Android email app requires you to put your password in twice, one for outgoing, one for incoming. Why would those ever be different? And why would they put the "Done" button up by the first password field and not give you any indication that you need to scroll past the "Done" button and fill out a second password field with the same password?

    Toby fair, most email apps do this as well, except they hide it behind a "my outgoing mail server requires a..." wait a moment, it's the same regardless of client!

    I suppose mail clients play it safe by default? Only a few seem to make the assumption on first try...


  • sockdevs

    @Tsaukpaetra said in Thanks Yahoo. Glad you're on top of things:

    @mott555 said in Thanks Yahoo. Glad you're on top of things:

    I also found out that the Android email app requires you to put your password in twice, one for outgoing, one for incoming. Why would those ever be different? And why would they put the "Done" button up by the first password field and not give you any indication that you need to scroll past the "Done" button and fill out a second password field with the same password?

    Toby fair, most email apps do this as well, except they hide it behind a "my outgoing mail server requires a..." wait a moment, it's the same regardless of client!

    I suppose mail clients play it safe by default? Only a few seem to make the assumption on first try...

    indeed. there once was a time where you had different services for incoming mail versus outgoing and the servers themselves tended to be on separate physical boxes.... not so common these days, but apps are slow to adopt new standards because every change.... well....



  • Impossible Mission Players - A

    @accalia said in Thanks Yahoo. Glad you're on top of things:

    @Tsaukpaetra said in Thanks Yahoo. Glad you're on top of things:

    @mott555 said in Thanks Yahoo. Glad you're on top of things:

    I also found out that the Android email app requires you to put your password in twice, one for outgoing, one for incoming. Why would those ever be different? And why would they put the "Done" button up by the first password field and not give you any indication that you need to scroll past the "Done" button and fill out a second password field with the same password?

    Toby fair, most email apps do this as well, except they hide it behind a "my outgoing mail server requires a..." wait a moment, it's the same regardless of client!

    I suppose mail clients play it safe by default? Only a few seem to make the assumption on first try...

    indeed. there once was a time where you had different services for incoming mail versus outgoing and the servers themselves tended to be on separate physical boxes.... not so common these days, but apps are slow to adopt new standards because every change.... well....


    imap.mail.yahoo.com and smtp.mail.yahoo.com?


  • sockdevs

    @Tsaukpaetra said in Thanks Yahoo. Glad you're on top of things:

    @accalia said in Thanks Yahoo. Glad you're on top of things:

    @Tsaukpaetra said in Thanks Yahoo. Glad you're on top of things:

    @mott555 said in Thanks Yahoo. Glad you're on top of things:

    I also found out that the Android email app requires you to put your password in twice, one for outgoing, one for incoming. Why would those ever be different? And why would they put the "Done" button up by the first password field and not give you any indication that you need to scroll past the "Done" button and fill out a second password field with the same password?

    Toby fair, most email apps do this as well, except they hide it behind a "my outgoing mail server requires a..." wait a moment, it's the same regardless of client!

    I suppose mail clients play it safe by default? Only a few seem to make the assumption on first try...

    indeed. there once was a time where you had different services for incoming mail versus outgoing and the servers themselves tended to be on separate physical boxes.... not so common these days, but apps are slow to adopt new standards because every change.... well....


    imap.mail.yahoo.com and smtp.mail.yahoo.com?

    saw that one coming. I bet Yahoo doesn't even know what servers in their data center those boxes actually are. they probably have thousands of servers in there doing absolutely nothing but they don't dare turn off because they don't know that the servers aren't doing anything....

    they probably haven't actually upgraded their infrastructure in fifteen years.


  • area_pol

    An interesting situation where a company has a lot of tempting user data from its glorious past but no longer has the resources to fight the demanding security war.

    This will be even more hilarious when Facebook or Google lose their dominant position and their data will be stolen by scavengers.
    (And they will die at some point. Even the Roman Empire did not last forever)



  • :laughing:

    While a Verizon group led by AOL Chief Executive Officer Tim Armstrong is still focused on integration planning to get Yahoo up and running, another team, walled off from the rest, is reviewing the breach disclosures and the company’s options

    Why is Verizon trying to put themself out of business?
    Yahoo? AOL? What's next? Radio Shack?


  • Discourse touched me in a no-no place

    @mott555 said in Thanks Yahoo. Glad you're on top of things:

    I also found out that the Android email app requires you to put your password in twice, one for outgoing, one for incoming. Why would those ever be different?

    I used to need that separated due to dumb misconfigurations.


  • Discourse touched me in a no-no place

    @accalia said in Thanks Yahoo. Glad you're on top of things:

    they probably haven't actually upgraded their infrastructure in fifteen years.

    They'll have tried to replace like for like (except faster). If the machines were ever separate, they'll be separate now because nobody dares try to figure out if they can be merged. Or they're really the same machine now, but kept as separate names so that they don't have to be the same machine in the future. I've seen both scenarios.


  • Discourse touched me in a no-no place

    @El_Heffe said in Thanks Yahoo. Glad you're on top of things:

    Why is Verizon trying to put themself out of business?

    Because they really want to have control over Tumblr.

