It's because we all keep logging in to change our passwords.

I often wonder if there really was a Linkedin breach, or if it was just to force people to remember they had a Linkedin account.

Reminded me to delete my LinkedIn account...

Is that even possible? I got a password reset email for a LinkedIn account that I thought I had deleted years ago. I know that sometimes logging in can reactivate an account, but it's been YEARS now. And it was like I was always there.

LinkedIn is like dallisgrass. pesky stuff to get rid of.

It seems to have worked; at least the recruiters have stopped sending me emails every day about jobs that don't match anything in my resume.

A LOT of people use Linkedin regularly, perhaps not where you live.

Living in France as a good Java dev, LinkedIn sends me few spam, while it is very relevant to get contacted by recruiters whenever I update my resume. I've found my last 2 gigs in my last 3 years (yeah I'm a software editor who only contracts whenever my income gets low) through LinkedIn. Of course, this doesn't understate LinkedIn's other face which is made of dark patterns, probably-illegal data hunting, massive spamming problems and doubtful security.

I hardly doubt so.

No such thing as bad publicity?

Right, I feel like my Yahoo! account has been in a perpetual state of compromise since, oh, about 2000.

Increased engagement!

They just need more ads on the forgot password page for life lock and they can turn it around!

500m users is different than 500m active users, plus I wonder how many people use yahoo for fantasy sports and nothing else

Yahoo hosts the email for many ISPs, including AT&T.

Wait, Yahoo hosts all of AT&T subscribers' email, or there is some cross-account link? Important difference.

Yahoo hosts all mail for BT Internet in the UK (the former national telecom, now one of top 3 ISPs)

The good news about this breach is that it will greatly increase their "active user" count because of password reset logins. That looks good for the buyout deal.

Twitter did this to me right after their last not-so-great quarterly report came out: sent an email saying they have noticed "suspicious activity on my Twitter account and have suspended it. Click this link to reset your password." Which is kinda funny because I never posted one thing to my Twitter account. So locking it for me was the next best thing to deleting it.

When I got the LinkedIn breach email, I too just deleted my account there. Wasn't worth the fretting about security problems.

Nobody said they were active users.

I use Yahoo for fantasy sports. When I signed up I was forced to register a RocketMail account. Logging into Yahoo Fantasy is the only thing I've used it for. I wonder how many other people are in this scenario.

Some hacker might have my password, hopefully they don't pull Aaron Rodgers from my line up this week.

Yahoo's been authenticating me nearly every time I try to access the fantasy app on my phone. They've made me change my password 3 times in the past month or so. And the password I set doesn't seem to work, so I keep having to use their phone based authentication. With all the money that they have, it's hard to fathom how Yahoo is so bad at delivering secure identity services.

I started using their "Account Key" process, any time I log in on the site from a computer, I get a notification from my Yahoo sports app (iPhone) asking me if I would like to allow the login attempt. I actually like it better than the two-factor auth I use for other accounts. Whether it's more secure or not, I don't know..

EDIT: just for clarification, this replaces the password entirely. So I never enter a password on the site.

Can you help me understand how it replaces the password entirely? What if I lost my phone, or just deleted their app? Does it basically fall back to letting you click a link in your email to approve logging in? Or, SMS, or...? I've been skeptical of it.

Fortunately iCloud Keychain means my current Y! password is random as hell and not reused anywhere, but I'm slightly nervous wondering what the hell password I had in 2014 or 2012 or whenever this stupid leak happened. :/

If you don't enter a password, then it isn't two factor auth at all. It just swapping one-factor (something you know) for another (something you have).

I know that it's not, I just said that I like it better than the two-factor auth that I use elsewhere. If I need to pull out my phone; its just easier to click my notification and click "approve", than to go to Authy to get the 6 digit code, and type it in to my computer.

Sorry, I misunderstood your statement. I thought you were comparing it to 2FA elsewhere. Now I see that you were just comparing it to the second factor elsewhere (not the whole 2FA0).

if something you have requires a password, you still have two-factor. Kind of.

Right, but in this case, it does not require a password. So it is not two-factor.

Yahoo is still big in Asia. The US is just a 300 mil people market. There are giant internet companies that US consumers never heard about.

I don't think investors are quite that stupid. First that was 500m users in 2014, not today. It also doesn't say active so it's likely some subset of a total. I wouldn't be surprised if Yahoo had even more than 500m accounts in 2014 and today but I would be SHOCKED if they had nearly that many active users.

Yahoo currently is clocking around 900M - 1B monthly uniques.

Consider that third-party tracking still places Yahoo as one of the top trafficked websites in the world, with only Google, Baidu, and Facebook higher.

Full disclosure: I work for Yahoo.

Monthly uniques? Oh come on... what's the daily?

I'm not sure what you're trying to say. The algorithms adjust for bots, spam, cross-platform duplication, etc. 900M - 1B is defined as the Monthly Active Users figure.

Naturally, there are areas where we know the algorithms are not translating the inputs to real users with 100% fidelity, but we know that the discount is relatively minor, not nearly as substantial as youre suggesting.

Multiple counter-parties had their teams diligence our user figures and associated algorithms and found them to be generally accurate representations.

Unless you're using a different definition of "active, monthly user" that deviates from the industry norms?

> 900M - 1B is defined as the Monthly Active Users figure.

Okay that's the disconnect. Monthly uniques typically count is unique accesses of a web page by non-bots / spam. This is how I've seen it defined in every analytics software package I've ever used. Monthly active users is a vastly different concept as it implies repeat access within the month.

Though judging by the downvotes on my parent comment I'm guessing my thinking of the terms is NOT standard? Not going to lie I'm a bit confused around this. I'm going to have to look into it more.

Sorry, my mistake for being loose with my own terminology. I thought it was implied that I meant unique users, which, given my own comment about terminology, was a bit hypocritical of me.

Maybe the parent would define a "user" as someone with an email and password in a users table?

Exactly.

Unique visitors versus active accounts.

Entirely likely it's not 500m, for sure, but i would not be surprised if it's still in the hundred million active email accounts. Lot of elderly folks who got hooked on a yahoo email account, and just won't give it up. I can say based on consumers emails I've seen in some of the systems I've managed, yahoo still clocks in as a pretty solid 15-20% of email addresses of active users, which isn't a small figure (gmail is of course higher, and major isp's round the bases).

What? You inferring this is actually part of a marketing campaign?

Conflicted?

Yahoo in Japan is a different company. It belongs to a different group now, so don't count it in.

Yeah, I was wondering about that when I posted (too quickly). You're right of course, though it turns out that Yahoo! still owns 35 percent of Yahoo Japan, basically the same amount as Softbank, a major Japanese ISP I believe.

http://ir.yahoo.co.jp/en/holder/status.html