It’s time to change your Yahoo passwords once again, because Yahoo Mail has been hacked once again. The company mentioned this little tidbit in a blog post on Thursday. Hacker access to Yahoo account passwords has become a real problem for the company over the last year or so, with multiple attacks and cyber thefts affecting thousands of users.
Yahoo admits security is lacking
The very first line of the blog post goes so far as to admit that the hacking has become a regular issue. “Security attacks are unfortunately becoming a more regular occurrence,” said Jay Rossiter, SVP, Platforms and Personalization Products, the author of the post. This is said as if it were no big deal, followed immediately by, “Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.”
This, unfortunately, has become Yahoo Mail’s answer to the meaning of life, the universe, and everything: change your password. Because changing your password fixes everything... right?
Yahoo falls just short of blaming Mail users for breach
Later in the post, Rossiter tells users, “In addition to adopting better password practices by changing your password regularly and using different variations of symbols and characters, users should never use the same password on multiple sites or services.” First of all, this is old advice. Like, early ’90s advice (at best). Second, the accounts were not hacked via code-breaking the passwords on individual accounts. The passwords were stolen en masse.
Yahoo disregards user security
“Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise,” said Rossiter. This isn’t the first time (by any stretch) that Yahoo has blamed a “third party” for breaches in security. In fact, it seems to be their go-to answer. Yet, what does the company plan to do about it?
What we’re doing to protect our users
- We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account.
- We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack.
- We have implemented additional measures to block attacks against Yahoo’s systems.
In other words, they’re not really doing anything to keep this from happening again, since, by their own statement, the breach didn’t happen on a “Yahoo system.”
To make matters worse, this particular instance of hacking occurred on accounts that had most recently sent email outbound. We hope you don’t have friends, family, or business associates you like to talk to, because they just became a security risk. That picture of your youngest child that you sent to grandma and grandpa? Someone used it to attack a Fortune 500 company in your name. Good morning and you’re welcome!
Someday Yahoo may get its act together and provide something resembling a secure email network. Until then, here’s where you can get a Gmail account.