
Yahoo probes possible huge data breach - JohnHammersley
http://www.bbc.co.uk/news/technology-36952257
======
maldeh
_However, attempts to contact more than 100 of the addresses in the sample saw
many returned as undeliverable with auto-responses reading: "This account has
been disabled or discontinued," which might suggest that the data is old._

Or another sad possibility is that this may be representative of any sample of
yahoo email addresses.

~~~
erikpukinskis
One of my friends had years of correspondence stored in a Yahoo Mail account,
including letters from people who had then passed away.

She did a study abroad, and when she came home a year later discovered that
Yahoo had closed the account. All of that correspondence was gone forever.

~~~
reitanqild
Classic from old Hotmail as well.

Don't think hotmail do this anymore but I am sure I fell victim to it 16 or so
years ago.

~~~
ryanburk
hotmail / outlook does still delete email from inactive accounts, and then the
account itself. you have to log in every <270 days (9 months) to keep the
system from deleting your mail and in <12 months to keep your email
address/account alive.[1] but you will get emails to your secondary email
address as a warning before this happens. gmail also does the same, but likely
on a longer time horizon[2].

[2] I worked on outlook.com and [http://answers.microsoft.com/en-
us/outlook_com/forum/oemail-...](http://answers.microsoft.com/en-
us/outlook_com/forum/oemail-orestoremail/deleted-hotmail-account-due-to-
inactivity-i-need/252611c1-94d6-4b48-974c-005038ea46f7)

[2] [https://www.quora.com/Will-Google-deactivate-my-Gmail-
accoun...](https://www.quora.com/Will-Google-deactivate-my-Gmail-account-if-
it-is-not-used-After-how-long-does-it-deactivate)

~~~
msravi
The quora link you posted also says that gmail does NOT do that anymore - the
clause was removed from their policy.

------
gjkood
In the interest of making this a learning experience for myself and others, I
would like to get any feedback on the following questions.

What would be considered as strong/good/secure password/authentication
algorithms if one had to implement this today?

What would you recommend today as a good/secure authentication library that
one can use with a micro framework like Python Flask (or others)? What about
the authentication library in the batteries included Django framework?

What about recommended general authentication libraries for other web
application frameworks such as Phoenix/Elixir, Node based, Go based, etc?

Here are some links from OWASP/Google that offers some details:

[https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_...](https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet)

[https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet)

[https://docs.google.com/document/d/1R6c9NW6wtoEoT3CS4UVmthw1...](https://docs.google.com/document/d/1R6c9NW6wtoEoT3CS4UVmthw1a6Ex6TGSBaEqDay5U7g/edit)

~~~
mmaunder
_What would be considered as strong /good/secure password/authentication
algorithms if one had to implement this today?_

Use salted bcrypt or another slow salted hashing algorithm. The goal is to
make it expensive to crack. For reference, the GPU version of hashcat
(cudahashcat or oclhashcat) is very popular, and look at these benchmarks to
choose a hashing algorithm and to understand what to avoid like the plague:

[https://gist.github.com/epixoip/c0b92196a33b902ec5f3](https://gist.github.com/epixoip/c0b92196a33b902ec5f3)

Clearly md5 is a no no and bcrypt and a few others are a huge improvement.

However, I feel compelled to add (and please don't flame me for this, just
sharing reality) that even MD5 can actually be very hard to crack if your
users use a long password (12 chars or above) and a large enough character
set. In other words, using 12 char or more passwords with uppercase,
lowercase, numbers and symbols is hard to crack even if they used a crappy
algorithm like md5.

So the ideal combo is a strong hashing algo and enforcing complex long
passwords.

~~~
tpro
Is it even necessary to actual enforce password complexity? Or is it enough
that those characters theoretically could be in the password? The size of the
password-space is the same.

~~~
ximeng
Whoever is trying to find a password that hashes to the known hash will order
the passwords they try in order to prioritise testing more frequently used
passwords like aaaaaaaaaaaa rather than mj(8anZ0$uQ,! , so if you can
encourage people to choose a less predictable password you increase the cost
of discovering the password for an attacker.

~~~
mmaunder
Correct. They'll also start with dictionaries of a few hundred million
passwords which they'll run through fairly quickly. Then they'll use mask
attacks as @ximeng said in ascending order of length and complexity.

[https://hashcat.net/wiki/doku.php?id=mask_attack](https://hashcat.net/wiki/doku.php?id=mask_attack)

So it's critically important to enforce length because short passwords will be
cracked quickly even with slower hashing algorithms.

------
adevine
Am I right in understanding that the passwords were hashed with MD5? WTF?

~~~
imaginenore
While we found some MD5 weaknesses, it's not broken in the general case. If I
give you a well salted MD5 hash of a password, your only option is still
bruteforce.

While you can produce two files with the same MD5, it doesn't help you to
reverse a hash.

~~~
rahkiin
Problem being that MD5 is incredibly fast, as opposed to e.g. Bcrypt, which
makes bruteforcing so much easier.

~~~
imaginenore
True. Assuming one round of MD5.

------
overcast
Oh man, all of my spam, and mail from people I didn't want having my real
address will be compromised.

~~~
dagaci
Its becoming increasingly the case that the idea of semi reliable "privacy" is
rapidly disintegrating and perhaps this is not a bad thing

------
at-fates-hands
_Using the name Peace, the hacker said the data was "most likely" from 2012._

So you're saying as long as you updated your password from the 2014 breach,
you should be fine.

------
JoelBennett
Rather timely, given their recent buyout.

~~~
xufi
A last minute security fix. Funny that Myspace got hacked too apparently

------
Jerry2
What's shocking to me is that Yahoo! still uses MD5 hashes. Those can be
decrypted almost instantly with hashcat and tools like it. There's some
confusion about the age of data in question but I hope they've moved away from
MD5 since the breach occurred.

~~~
svenfaw
Only for weak passwords. Strong (80-bit plus) passwords are still safe, even
with unsalted MD5. Too bad people are really bad at choosing passwords.

~~~
AdmiralAsshat
Too bad as well that very, very few sites support 80 character long passwords.

Ever since I switched to a password manager, I've always made sure that the
length of it is the maximum length that the site will accept.

I am getting pretty pissed with the sites that have ridiculous "security"
schemes like 1 capital letter, 1 one number, 1 special character, must rotate
every three months...but will only allow a password between 8-12 characters
long.

~~~
jgalt212
wait, which one is strong enough under MD5 hashing? 80 bit or 80 character?

~~~
wolf550e
80 bits of entropy (20 really random hex chars) should be safe enough.

------
yeukhon
> The passwords appear to be hashed - which means they have been scrambled -
> but the hacker has also published details of the algorithm allegedly used
> for the hash.

I like how BBC triedto explain what cryto hash does to plaintext, but this is
a poor way to describe what hash is because scramble means re-ordering, but
hashing doesn't reorder. I hope this reporter takes time to come up with a
different way to explain to general public.

------
shanacarp
Can I admit seeing this right above the Verizon post (as it is right now)
makes me giggle

Well, I'm not sure Verizon is going to love NOT being a dumb pipe...

------
tanqueray
If some of these accounts have been deleted how has a hacker got a username
and password for them?

~~~
orionblastar
Old breach from 2012. Just being reported now and some of the accounts
breached have expired.

------
Edmond
Grammar police: "Yahoo probes possibly huge data breach"

~~~
potatoyogurt
This fundamentally changes the meaning of the title. "Yahoo probes possibly
huge data breach" implies that there was a data breach, and it may or may not
be huge. "Yahoo probes possible huge data breach" implies that there may or
may not have been a data breach to begin with.

~~~
Edmond
Not at all. [http://www.merriam-
webster.com/dictionary/possibly](http://www.merriam-
webster.com/dictionary/possibly)

If you really want to go there, then one could say any reference or dependence
on possibility implies probability, which necessarily includes the possibility
of the event not happening at all.

~~~
alain94040
I don't think that was the point of the comment you are responding to.
Possibly can only attach to "huge", so it parses as "probes [possibly huge]
data breach". Whereas possible attaches to the whole data breach and parses as
"probes possible [huge data breach]".

