Yahoo data breach -- CHANGE PASSWORDS NOW!

Yahoo! had a data breachCHANGE PASSWORDS NOW

Why is this insanely bad? Unsalted passwords. Hashed using MD5.

I’d suggest changing your passwords now. Because odds are whoever got them, has plaintext passwords now. Always Salt your passwords and SHA1 – preferably SHA256 or SHA512 – WITH A SALT!

I’m beyond livid.

Yahoo…that is some kind of search engine from AOL days right? Oh… they must run one of those spam-mill webmail servers. I don’t think I have a Yahoo address in any of my mail contacts at all. I will be sure to keep them off my BBS.:sos: I figured everyone here would just be running their own mail server.

1 Like

Can’t get a SHA1 cert off the market since exactly one year ago. I can’t imagine that a company like that was running MD5 for anything but maybe creating UUID’s for attachments or something. You sure this isn’t some of that fake news stuff?

Says they were using bcrypt, which I know is like blowfish and is salted…if a dated bit of math. Apparently they keep a mixed bag of stuff around, and this was a 2014 break-in confirmation Hope your stuff is OK… does have it’s own mail server?

No, and I don’t want to manage one. The less resources I have to dedicate, the better. We’re learning from the mistakes made while at OpenMRS. Servers are only provisioned when they are needed…