450000 Yahoo users password leaked


Recently about 450000 Yahoo users’ passwords were leaked. It was an eye opener to the security issues of the leading Email Service providers as well as an alarm to the users to keep themselves aware and updated about such threats. Read this article to find link for users to find out if their email id was hacked and guideline to help them secure their email Ids for future.

It was recently disclosed that around 450000 users Yahoo passwords were hacked and published in the net. This article gives an overview of what actually happened.

What was the problem?


A hacker known by the name D33Ds Co publicly posted about 4,50,000 log in credentials with User Id and passwords in the which he claims to have been obtained from "Yahoos Contributor Network Site" . This site was created and was open for the contributors in May 2010 to attract potential content writers. The hacker claims that it used "union –based SQL injection" which in lay mans word can be described as getting into a poorly secure website and extracting data from the same. It seems that the passwords were stored in plain text instead of the adopting the hash process which basically stores the password in a mask cryptographically to save the leak of passwords by such hackers.
Hackers claim that the whole motive behind leaking the passwords was to primarily convey the message to Yahoo to boost their security systems not for any malicious reasons.

Whose Log In credentials is leaked?


It is not particularly clear as to whose Log In credentials are leaked but a hint of the word "writer" in umpteen instances of the User Ids and passwords like paidwriter@yahoo.com, richwriter hints at the fact that most probably the users of "Yahoos Contributor Network Site" has been hacked. Yahoos Contributor Network Site included individual writers who were associated either with Yahoo or with Associated Content.

What other details does the published file contain?


The published document also flashes the credentials of other emails providers like the Gmail (106873), Hotmail (55148), AOL (25521), other ISPs (Comcast, Cox, Mindspring). The most probable reason behind it being that Yahoo allows Log In through Google or Facebook account and it is not mandatory to have a Yahoo Id to Log in to the yahoo content site. Apparently the users who had logged in through their other service providers have also been hacked.

How to know if my Password is in the list?


One can search for the file "yahoo-disclosure.txt" on the net to find the list of credentials that have been leaked out. Alternatively one can also click on http://labs.sucuri.net/?yahooleak enter ones email Id to check if ones password has been leaked. This is a tool from the Sucuri Labs which helps you to locate if your password has been hacked.

My Email Id is in the list of leaked passwords what to do?


Change your password as soon as possible. Make it cumbersome using numbers and special characters. Make it more difficult by making it case sensitive. Take care to change the password of the email Ids on a priority basis if the same email is used for sensitive cases like bank account.

What is Yahoo's official statement for this whole episode?


"At Yahoo we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo and other company users names and passwords was compromised yesterday, July 11. Of these, less than 5 percent of the Yahoo accounts had valid passwords. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users' accounts may have been compromised. We apologize to all affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com. "


Related Articles

More articles: Yahoo

Comments

No responses found. Be the first to comment...


  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
  • Name:
    Email: