Last week we broke down the biggest winners of 2016. This week, we’re taking a look at the biggest losers.
Yahoo has clearly had one of the worst years in history for a company. And, unless something changes soon, this whole mess with the NSA and 1.5 billion hacked accounts could become the problem of Engadget’s parent company Verizon. So, there’s that. Of course there was Samsung’s parade of exploding gadgets and Twitter… well, Twitter just couldn’t seem to get its act together. It’s now known as the platform of choice for trolls and white supremacists as much as it is for forcing you to distill complex thoughts into 140-character fragments.
Of course, between the explosion of fake news and the continued hostility towards the science of climate change, the biggest loser of 2016, might just be the American public.
Check out all of Engadget’s year-in-review coverage right here.
Managing Editor Dana Wollman and Senior Editor Devindra Hardawar join host Terrence O’Brien to talk about the biggest tech stories of the week. First Dana and Devindra debate the value of Amazon’s delivery drones and Google’s… I mean Alphabet’s new self-driving car company, Waymo. Plus they discuss the privacy freakout surrounding Evernote. Then all three will dig into the never ending security failures of Yahoo. Now that the company has admitted that over 1.5 billion user accounts were compromised — and didn’t say a word about it for over 2 years — will Verizon still go through with its planned buy out? The panel certainly hopes not.
- Google spins out its self-driving car division
- Evernote’s new privacy rules may let its employees read your notes
- Amazon completes its first drone-powered delivery
- Yahoo confirms new security breach affecting over one billion accounts
- Yahoo confirms over 500 million users affected in 2014 breach
You can check out every episode on The Engadget Podcast page in audio, video and text form for the hearing impaired.
Watch on YouTube
Watch on Facebook
Subscribe on Google Play Music
Subscribe on iTunes
Subscribe on Stitcher
Subscribe on Pocket Casts
Yahoo just revealed that in August 2013, someone stole data linked to more than one billion accounts. Back in September, the company announced a 2014 security breach affecting some 500 million users, however, it believes these two incidents are “likely distinct.” Additionally, the company says that it believes the same hackers from the 2014 breach dug into its code and figured out how to forge cookies to target specific accounts. It has invalidated the forged cookies and notified holders of the affected accounts.
Yahoo today announced that it believes more than one billion Yahoo user accounts were compromised in a hack by an unauthorized third party in August of 2013.
Information stolen from affected accounts includes names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers. Clear text passwords, bank account information, and credit/debit card information were not believed to be accessed in the attack.
According to Yahoo, the hack was discovered after law enforcement officials provided the company with what appeared to be Yahoo user data from an unknown source. Yahoo says it has not been able to identify the specific intrusion, but it is “likely” distinct from a late 2014 hack that compromised more than 500 million Yahoo user accounts.
Earlier this year, Yahoo confirmed that “at least” 500 million user accounts were accessed in September of 2014, and this marks a second attack during the same general timeframe.
Yahoo is notifying users who may have been affected by the attack, and says it has “taken steps” to secure their accounts by implementing mandatory password changes. Unencrypted security questions and answers have also been invalidated.
Along with the 2013 hack compromising 1 billion user accounts, Yahoo has also announced that an ongoing outside investigation suggests an unauthorized third party accessed proprietary code to forge cookies, a technique that may have been used by the hackers responsible for the September 2014 attack. Those account holders are also being notified.
The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. Yahoo is notifying the affected account holders, and has invalidated the forged cookies. The company has connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.
Yahoo suggests users “review all of their online accounts” to check for suspicious activity and change any passwords that might have been used for a Yahoo account and another online account. Yahoo also recommends implementing two-factor authentication and avoiding links from suspicious emails.
Discuss this article in our forums
It’s no secret that Flickr is popular with phone-toting photographers, but it’s now reaching a tipping point. The Yahoo-owned image service has posted its year in review, and it notes that 48 percent of photo uploads now come from smartphones. That’s a big jump over the 39 percent from 2015 — it’s now clear that you’re in the minority if you uploaded shots from a dedicated camera. The numbers for conventional cams aren’t exactly pretty.
The DSLR crowd was the hardest hit, as its representation tumbled from 31 percent in 2015 to 21 percent this year. Point-and-shoot use was down, too, to 21 percent from 25. About the only dedicated camera category left untouched was mirrorless, although its 3 percent is nothing to crow about.
When it comes to whose devices are at the top, it’s a familiar story. Of all photos with camera data attached, 47 percent were uploaded from Apple hardware — 8 out of the top 10 devices were iPhones. Canon was a distant second at 24 percent, and it accounted for the two other devices in the top ranks (the EOS 5D Mark II and Mark III). Nikon was third at 18 percent, leaving everyone else to fight for just 11 percent of the pie.
Flickr doesn’t usually elaborate on these stats, although you can point to a few factors behind the mobile shift. For one, smartphone image quality is quickly reducing the pressure to use dedicated cameras. DSLRs and mirrorless cams still take better photos overall, but a well-made smartphone shooter is frequently good enough for pleasing street shots and flower macros. The convenience of posting from your phone (especially with improving cellular data speeds) is hard to top even when a camera has WiFi, too. As for Apple’s dominance of the charts? Some of it comes through the Flickr integration that iOS has had for years, but it’s also helped by the iPhone’s popularity in the US and reputation for good (though not always best) photo quality.
Source: Flickr Blog
Yahoo Answers has been the butt of many jokes for a long time now. But if you enjoy browsing through all the amusing questions people submit and tend to reply to some yourself, you’ll love the latest update out of the company’s HQ: Yahoo Answers now has a standalone iOS app. According to TechCrunch, it was previously known as Yahoo Hive, which has been lying low on the App Store since the summer. Its launch is likely an attempt to challenge newer, shinier Answer rivals like Quora. It’s also the latest in the list of mobile apps Yahoo released this year.
Yahoo launched quite a few standalone applications these past few months, including the Newsroom, a travel search engine called Radar and a dedicated Esports app for Android. This one is only available for iOS devices, though, so you’ll have to stick to Answers’ website if you’re using another platform. Marissa Mayer was hoping that Yahoo’s mobile efforts could help solve its many problems. Since that didn’t quite work out, Verizon is now buying up the company for $4.38 billion. That said, Yahoo’s woes still aren’t over: the carrier is reportedly seeking a $1 billion discount after it came to light that Yahoo suffered a huge email breach that affected 500 million users.
In September, Yahoo confirmed that at least 500 million of its users’ accounts had been compromised during an attack in late 2014. Now, in a recent filing with the Securities and Exchange Commission, it was revealed that the company knew about the hack when it originally happened in 2014, but waited two years to divulge it to the public (via TechCrunch)
Describing the investigation, the new SEC filing notes a “state-sponsored actor” who gained access to the company’s network in late 2014, along with Yahoo’s awareness and identification of the individual in question during the same time period. Information stolen included names, email addresses, telephone numbers, dates of birth, hashed passwords, and encrypted or unencrypted security questions and answers.
In late July 2016, a hacker claimed to have obtained certain Yahoo user data. After investigating this claim with the assistance of an outside forensic expert, the Company could not substantiate the hacker’s claim. Following this investigation, the Company intensified an ongoing broader review of the Company’s network and data security, including a review of prior access to the Company’s network by a state-sponsored actor that the Company had identified in late 2014. Based on further investigation with an outside forensic expert, the Company disclosed the Security Incident on September 22, 2016, and began notifying potentially affected users, regulators, and other stakeholders.
Now a board made up of independent counsel and a forensic expert is said to be investigating “the scope of knowledge within the company in 2014,” as well as Yahoo’s basic security measures and related incidents. The filing describes $1 million in losses for Yahoo relating to the security breach so far.
Additionally, Yahoo said that 23 class action lawsuits have been filed against the company by consumers targeted by the security breach in 2014, in both federal and state courts, as well as foreign courts. Plaintiffs in the cases claim to have been “harmed by the company’s alleged actions and/or omissions” relating to the hack. The scope and monetary damages sought by each consumer was not divulged.
In attempts to move past the incident, Yahoo is cooperating with federal, state, and foreign governments and agencies who are investigating the hack. The biggest blowback for Yahoo might still be in its planned sale to Verizon, the latter company now asking for a $1 billion discount due to Yahoo’s current turbulent drama with the news of the 2014 hack.
Discuss this article in our forums
As Yahoo attempts to piece together how a hacker accessed 500 million user accounts back in 2014, the company has now admitted that some employees knew of a security breach when it happened. In a filing with the SEC, Yahoo said that while it only disclosed news of the attack in August, a “state-sponsored actor” had accessed its network two years ago but it didn’t quite know the extent of the damage at the time.
“The Company had identified that a state-sponsored actor had access to the Company’s network in late 2014,” Yahoo said in its filing. “An Independent Committee of the Board, advised by independent counsel and a forensic expert, is investigating, among other things, the scope of knowledge within the Company in 2014 and thereafter regarding this access, the Security Incident, the extent to which certain users’ account information had been accessed.”
In the same statement, Yahoo said it is looking into whether the same hacker was able to create cookies that would allow them to access user account data without the need for a password. Since the disclosure, law enforcement agencies have also shared data provided by an attacker. Yahoo is now assessing whether user details are from the 2014 hack or from a separate intrusion.
Account information stolen in the attack is thought to include email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority of which were encrypted) and possibly security questions and answers too. The hack has already cost Yahoo $1 million, but it may run into the billions if Verizon pushes for money off its latest acquisition.
Via: Financial Times
Source: Yahoo (SEC)
Yahoo has quietly introduced a new app called Yahoo Bots, as recently spotted by VentureBeat. The application, available for iOS and Android, acts as a hub to connect you with all of the company’s virtual assistants. You’ll find bots that provide information from Yahoo News, Yahoo Weather and Yahoo Finance, and more could be added in the future. Meanwhile, Blitz helps Fantasy Football players research their team and manage it, as well as get real-time stats, player news and personalized roster recommendations. If you want to check it out, Yahoo Bots is a free download from the App Store or Google Play.
Source: App Store, Google Play
To celebrate its 20th anniversary, the Internet Archive has created a special treat for its visitors: an utterly enormous number of GIFs culled from the original social network, GeoCities. Fittingly, the new collection is dubbed the Geocities Animated Gif Search Engine or GifCities for short. It features a whopping 4,500,000 animated GIFs from the classic internet era of the mid ’90s. Even though Yahoo shut down the service in 2009, each of these GIFs links back to its originating page via the Wayback Machine — just as with the National Archive’s collection.
Via: Boing Boing