Yahoo to confirm a historic hack affecting 200M users

Comments moved to <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=12559006" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=12559006</a>.

URL changed from <a href="http:&#x2F;&#x2F;uk.businessinsider.com&#x2F;yahoo-to-confirm-2012-hack-200-million-users-report-peace-2016-9" rel="nofollow">http:&#x2F;&#x2F;uk.businessinsider.com&#x2F;yahoo-to-confirm-2012-hack-200...</a>, which linked to this

The article says the data includes &quot;easily decrypted passwords&quot;. How is that even possible for a company with the engineering staff and history of Yahoo? Deliberate negligence?

I thought the speculation at the time that this was Tumblr rather than the main Yahoo accounts. I guess we will see.