Comments moved to https://news.ycombinator.com/item?id=12559006.

URL changed from http://uk.businessinsider.com/yahoo-to-confirm-2012-hack-200..., which linked to this

The article says the data includes "easily decrypted passwords". How is that even possible for a company with the engineering staff and history of Yahoo? Deliberate negligence?

Updating: the official Yahoo press release says "hashed passwords (the vast majority with bcrypt)", so perhaps the Recode article was not entirely correct.

I thought the speculation at the time that this was Tumblr rather than the main Yahoo accounts. I guess we will see.