Oh, Yahoo, where do I start? We used to be good together back in 2004. But now I’m angry and disappointed. And it’s not me, it’s Yahoo.
The data breach the company disclosed last week, affecting more than 1bn users, dates back to 2013 — a year earlier than the breach of 500m accounts reported in September. Whether you use Yahoo or not, disabuse yourself immediately of any notion that this breach is like the last. The implications are worse and reach beyond the company. And it’s not just about the number of people affected.
This time Yahoo is saying outright that all affected user passwords were stored in a manner that makes your average cyber security bod go nuts at the madness of the world. “Security! experts! slam! Yahoo! management! for! using! old! crypto!” ran a headline in The Register, an industry rag, mocking the internet company’s corporate punctuation.