> I am not sure what end-to-end encryption would have done to defend Yahoo's users against the entity that broke in and hoovered up its databases.
Why? Wouldn't it mean the hackers are unable to decrypt the data of users who had a strong password? If the server has the ability to decrypt user data, is that really 'end-to-end encryption'?
It sounds like the system you describe does not use end-to-end encryption.
To put it another way: WhatsApp claim to use end-to-end encryption for their messaging service [1]. If a hacker gained unrestricted access to their online server and database, could that hacker read any user messages?
> It is believed that the hack compromised personal data from the accounts including names, email addresses, telephone numbers, dates of birth, hashed passwords (the majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.
Why? Wouldn't it mean the hackers are unable to decrypt the data of users who had a strong password? If the server has the ability to decrypt user data, is that really 'end-to-end encryption'?