Podcasts & RSS Feeds
Most Active Stories
- Investigators Ask For Public's Help In Ongoing Abigail Hernandez Investigation
- Ousted CEO Arthur T. Demoulas Wants To Buy Market Basket Chain
- Bare Shelves, High Spirits As Market Basket Employees Continue Rally
- On Demand: What's New To Netflix, Redbox, And Amazon Prime For July 2014
- The Polish Princess: Baking Bread And Helping The Economy One Job At a Time
Thu July 12, 2012
Yahoo! Confirms Data Breach; 400,000 Passwords At Risk
Yahoo said today that hackers had stolen and posted a file that contained 400,000 usernames and passwords.
The New York Times reports that those credentials were used not only for Yahoo! services but to services such as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, Bellsouth and Live.com.
The Times' Bits blog reports:
"The hackers claimed to have stolen the passwords using a hacking technique called an SQL injection, which exploits a software vulnerability.
"The breach comes just one month after LinkedIn, the online social network for professionals, had millions of user passwords exposed after hackers breached its systems. The breaches highlight the ease with which hackers are able to infiltrate systems, even at some of the most widely-used and sophisticated technology companies."
In a statement, Yahoo! told the BBC that the file stolen was an "older file from Yahoo Contributor Network."
"Of these, less than 5% of the Yahoo accounts had valid passwords," Yahoo! said. "We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users accounts may have been compromised."
The AP reports that the hackers, who call themselves D33D Company left a note with the stolen file.
"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call," they said according to the AP.
As always, security experts recommend that you change your passwords on a regular basis.