Thoughts about the narrative on the massive hack on Yahoo, and a huge tip on remembering and protecting your passwords
First, the Yahoo hack happened in 2014. They're just announcing it now.
They're saying it was... well, here's what Yahoo actually says:
"We have confirmed, based on a recent investigation, that a copy of certain user account information was stolen from our network in late 2014 by what we believe is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected."
It's odd that the news hit big yesterday. It was reported by Clio.com in early August. They reported:
"On Monday, the hacker known as Peace, who had previously sold dumps of 117 million LinkedIn account details, 65 million Tumblr emails, and 360 million MySpace credentials, listed supposed credentials of Yahoo users on The Real Deal marketplace. The listed accounts -- which are believed to be stolen back in 2012 -- contain usernames, passwords, and dates of birth, and appear to be hashed by the md5 algorithm -- are up for sale for three Bitcoins i.e. around $1,860."
And that same article, which included reporting that Yahoo confirmed the hack, added:
"This data is especially useful for phishers who look to monetize through illegitimate ways. If the hacker's claim is real, affected users can expect password reset links to be sent to them at some point."
Thanks for telling us six weeks later, as well as two years later, Yahoo.
Now, about the claim that the hack was by a state-sponsored actor. TV news is reporting that it was Russia. It's interesting timing, with the Clinton and Obama people seemingly creating a new red-scare, red-menace narrative. Maybe that's because Obama and Clinton have supported the nazi, fascist takeover of Ukraine, which Russia opposed. Maybe it's because Russia is actually fighting ISIS/Daesh, while Obama has its resources directly or indirectly allying with them so as to fight the Assad government. Yahoo's blaming Russia taps the meme Clinton and Obama have promoted. What next? Senate hearings blaming Ed Snowden for the hacks? McCarthyesque hearings? If it wasn't so dangerous to ramp up Russia-phobia it would be a hilarious joke. Too bad NSA and other spy agencies have lied to us so many times there's no way we should believe anything they say about Russia.
I logged into Yahoo, which I don't do very often, only to be informed that Yahoo would let me know if my account was hacked. I have not received the email notification they say I'll receive. I'm not worried. I primarily use Yahoo for their Flickr photo saving and sharing site. And, I use a different password for every site. The good thing is, I don't need to write them down. I use a formula to create a password specifically for each site. It's actually easy. Here's an example.
How to create a password algorithm, so you only have to remember one thing for every website, even though each one has a very strong password that's different.
Take the domain name, say, yahoo. Count the letters, in this case, 5.
Take a fixed number that you'll use for each website you create a password for, like your mother's birth year. Say that was 1940. Take the 40 and subtract 5 from it. That gives us 35.
Then add a character, like a question mark, asterisk or dollar sign. (Not all sites allow them. They have idiot programmers who don't have a clue about programming and security.) Let's go with $.
So far, we have 35$
Next, take the domain name and change some things. Take the first letter or any other letter and make it upper case. Many sites require upper and lower case.