Yahoo Hacked, Half a Million Passwords Stolen
News emerged last week that a group called D33D had hacked Yahoo and posted nearly half a million usernames and passwords online. The email addresses and passwords were published in a text file which is still freely downloadable.
The Yahoo hack mainly affects users who had signed up for Associated Content, a service which was acquired by Yahoo in 2010. While news of security breaches and password leaks occurs on a pretty regular basis, the sheer volume of the violation in this instance made headlines around the world.
Soon after news of the Yahoo hack broke, I found my Facebook account locked down as a security measure against a ‘potential breach’. As it turns out, Facebook had identified users who had been affected by the breach with identical passwords on their Facebook accounts – and I was one of them.
I signed up for Associated Content in 2008 with a password I use on far too many different sites and, foolishly, have not updated until now.
Perhaps naively, I thought that a company such as Yahoo would take reasonable measures to ensure that user information was stored in a safe way. The fact that the data was completely unencrypted is not only frustrating for users, but has also opened Yahoo to potential lawsuits for failure to maintain appropriate electronic safeguards.
The group behind the Yahoo hack, D33D, has taken the high-ground in the matter stating “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call…There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
If you ever owned an Associated Content or Yahoo Voices account, or are unsure whether you may have been affected, you can use the service provided by Dazzlepod to search to see if your account was affected by the Yahoo hack.