Yahoo Passwords Stolen in Latest Data Breach
By DREW FITZGERALD July 12, 2012
Yahoo Inc. said it is investigating a data breach that allowed a hacker group to download about 453,000 unencrypted user names and passwords in another black eye for the Internet company.
The Sunnyvale, Calif., company said Thursday that the compromised user information belongs to Yahoo Voices, a self-publishing service once known as Associated Content. A hacking organization called D33Ds Co. posted the stolen data on its website and appended a note describing the download "as a wake-up call and not as a threat." The group said it aims to expose Yahoo's vulnerabilities.
Yahoo said that less than 5% of the Voices accounts had still-valid passwords, though the file disclosed email addresses from hundreds of thousands of users.
Some people registered for the Yahoo service using email addresses from other services such as AOL Inc. and Google Inc.'s Gmail, neither of which were hacked. But with users' Yahoo Voices passwords exposed online, those users who shared passwords across several websites could still see other accounts compromised.
Yahoo said in an emailed statement that it is fixing the vulnerability that led to the data breach. The company also said it is changing affected users' passwords and notifying companies with accounts that might have been compromised.
Constellation Research analyst Ray Wang said Yahoo apparently fell prey to an extremely common kind of database attack that most companies typically take steps to combat.
...