Yahoo has confirmed that a file of more than 450,000 passwords was stolen from its Contributor Network, which publishes content through Yahoo Voices, but claims that only five percent are valid.
The Yahoo passwords file, which was stolen and posted online as a wake-up call by hackers going by the name of D33Ds, contained an unencrypted list of 453,000 login credentials. Yahoo has apologised for the breach and responded by claiming the data was an “older file” in which most of the passwords are now invalid.
Yahoo promises it is taking “immediate action” to fix the vulnerability that let hackers take the data – which the D33Ds group claims to have got using a SQL injection attack.
Yahoo says it is changing the passwords of the affected Yahoo! users and is “notifying the companies whose users accounts may have been compromised.”
Yahoo has yet to explain why the file was not encrypted, which security site TrustedSec says is “the most alarming part to the entire story.” Passwords should always be kept in encrypted form, stored as one-way hashes rather than readable text, and the hashes should be “salted” with a random value for each user to make them harder to crack. Business social networking site LinkedIn is facing legal action because its password file was stolen and, although encrypted, had not been salted.
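To show what salting changes in a stored password file, here is an added example that is not from Yahoo, LinkedIn or TrustedSec. The account names, passwords, record format and work factor are constructed for illustration, and SHA-1 stands in for any single fast, unsalted hash.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware

def unsalted_hash(password: str) -> str:
    """Stored without a salt: one fast hash, identical for identical passwords."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$hash_hex' with a fresh random salt per account."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        iterations, salt_hex, hash_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)

def shared_values(records: dict) -> int:
    """Count stored values that appear on more than one account."""
    counts = {}
    for value in records.values():
        counts[value] = counts.get(value, 0) + 1
    return sum(1 for n in counts.values() if n > 1)

# Constructed sample accounts: two users picked the same password.
SAMPLE_USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "tr0ub4dor&3"}

def demo() -> tuple:
    """Return (shared values without salt, shared values with per-user salt)."""
    unsalted = {u: unsalted_hash(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    return shared_values(unsalted), shared_values(salted)

if __name__ == "__main__":
    print(demo())
```

Without a salt, the two accounts sharing a password are visible as duplicates in the file and one cracked hash unlocks both; with a per-user salt every record has to be attacked separately.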
Given the evidence of lax security, all Yahoo users would be well advised to change their passwords to be on the safe side.