Yahoo Gets 5 Strikes

Yahoo has made mistake after mistake after mistake. It is time to reconsider them and perhaps close your account.

Mistake Number 1

In 2014 Yahoo lost information from over 500 million accounts. That is a lot of accounts. They do not seem to have figured out what they lost. This beats their previous record of 450 million lost accounts in 2012. Information lost seems to include security questions, date of birth, names, phone numbers and linked email address (such as addresses you forward Yahoo email to, or used for account recovery.

We do not know how the passwords were hashed, but some were hashed in with an older less secure method, some with a newer much more secure method. How many? Whose? Yahoo will not say.

Since companies are required by law to inform customers of any security breach like this, some senators have written their CEO for an explanation.

Mistake Number 2

Yahoo hid the loss from customers. They didn't own up to the loss until 200 million accounts were put up for sale on the dark net. They kept their users at risk. Proper procedure is to inform your users and require a password reset.

Mistake Number 3

They still haven't cleared up exactly what happened and what they are doing about it.

Mistake Number 4

Apparently, they gave your email information, all of it, or some, from all users or some, to the NSA. My guess is that they charged the taxpayers a lot to pay for processing and code writing, but that is my speculation. Otherwise, why do it? The code used to compromise your account, made their entire system less secure according to their own chief of security. The Chief of Yahoo Security (now working for Facebook) was not informed of the NSA breach, but apparently, the code was very weak and mistake ridden. He left the company in protest.

Mistake Number 5

When the above mistakes were revealed, many people, myself included, closed our unused Yahoo accounts. Many of them had their Yahoo mail forwarded to new Gmail accounts or other email accounts like Outlook.com or a corporate account. This gave them a transition so their contacts could continue with the old address for a while and it would get forwarded. You know, like the post office does.

So, Yahoo suspended users ability to create a forwarder trying to hold customers captive.

Conclusion

Eventually, you need to give up on a company. I suggest these steps:

Change your Yahoo Password and all security questions
Delete all your Yahoo mail. Copy or send what is needed to another account.
Close your Yahoo account. Here is the link to their explanation of how to terminate your account.
Here is their terminate your account link.

Even if you don't want to close your Yahoo account, you should change the password and any security questions.

Resources

Sophos security company report:
Letter sent to Yahoo by Senator Leahy and others:
Yahoo and the NSA

Date: October 2016

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Yahoo Gets 5 Strikes Yahoo has made mistake after mistake after mistake. It is time to reconsider them and perhaps close your account. Mistake Number 1 In 2014 Yahoo lost information from over 500 million accounts. That is a lot of accounts. They do not seem to have figured out what they lost. This beats their previous record of 450 million lost accounts in 2012. Information lost seems to include security questions, date of birth, names, phone numbers and linked email address (such as addresses you forward Yahoo email to, or used for account recovery. We do not know how the passwords were hashed, but some were hashed in with an older less secure method, some with a newer much more secure method. How many? Whose? Yahoo will not say. Since companies are required by law to inform customers of any security breach like this, some senators have written their CEO for an explanation. Mistake Number 2 Yahoo hid the loss from customers. They didn't own up to the loss until 200 million accounts were put up for sale on the dark net. They kept their users at risk. Proper procedure is to inform your users and require a password reset. Mistake Number 3 They still haven't cleared up exactly what happened and what they are doing about it. Mistake Number 4 Apparently, they gave your email information, all of it, or some, from all users or some, to the NSA. My guess is that they charged the taxpayers a lot to pay for processing and code writing, but that is my speculation. Otherwise, why do it? The code used to compromise your account, made their entire system less secure according to their own chief of security. The Chief of Yahoo Security (now working for Facebook) was not informed of the NSA breach, but apparently, the code was very weak and mistake ridden. He left the company in protest. Mistake Number 5 When the above mistakes were revealed, many people, myself included, closed our unused Yahoo accounts. Many of them had their Yahoo mail forwarded to new Gmail accounts or other email accounts like Outlook.com or a corporate account. This gave them a transition so their contacts could continue with the old address for a while and it would get forwarded. You know, like the post office does. So, Yahoo suspended users ability to create a forwarder trying to hold customers captive. Conclusion Eventually, you need to give up on a company. I suggest these steps: Change your Yahoo Password and all security questions Delete all your Yahoo mail. Copy or send what is needed to another account. Close your Yahoo account. Here is the link to their explanation of how to terminate your account. Here is their terminate your account link. Even if you don't want to close your Yahoo account, you should change the password and any security questions. Resources Sophos security company report: Letter sent to Yahoo by Senator Leahy and others: Yahoo and the NSA Date: October 2016 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk