Save Money / Consumer News
Yahoo hacked, 450K passwords posted online
LOS ANGELES (KABC) -- Just a month after LinkedIn suffered a major breach of its data, users of Yahoo Voices have now been targeted. Several hundred thousand passwords and email addresses were stolen by hackers.
According to ABC News, some of those users were Gmail, Hotmail and AOL email account holders, meaning their information was also hacked.
Yahoo confirms as many as 450,000 email addresses and passwords got into the hands of hackers on Wednesday. The security breach targeted what the company said was an "old file" from the Yahoo Contributor Network, which is a content-sharing platform.
While Yahoo claims only 5 percent of the stolen passwords are valid, some computer security experts said the breach suggests the company was negligent in safeguarding the data.
"When that data is out there, it really is incumbent upon them to protect it wherever it might be and that wasn't being done," said Dr. Clifford Neuman, director of the USC Center for Computer Systems Security.
Neuman said the hackers, who call themselves the D33D Company, stole the un-encrypted passwords using an SQL injection, which is a tool used by hackers to extract data from vulnerable websites.
"The particular kind of attack that was exploited here is one that has been known for many years. We see it coming up again and again," said Neuman.
Yahoo on Thursday released a statement, saying, "We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users."
But security experts said users need to protect themselves from potential breaches. Neuman suggests choosing complex passwords and never using the same password for every site. And if you are a Yahoo user now, the first thing you need to do now is change your password.
"More importantly, you need to change your password not just on Yahoo, but on online banking sites where a lot of users will use the same username and password on the online banking site that they use on a site like Yahoo. You should never do this," said Neuman.
The hackers posted a full text document online containing the usernames and passwords and said the breach should be a "wakeup call" rather than a threat to Yahoo.
save money / consumer news, jovana lara
- First section of new 405 Freeway lane opens 34 min ago
- Fewer travelers expected Memorial Day weekend
- I-5 bridge collapses in Wash.; 3 injured
- Disneyland holding Monstrous 'All-Nighter' 26 min ago
- 405 North crash, fuel spill snarls traffic 10 min ago
- LA gang activity coordinated from Kansas home
- LB regulates loud mufflers w/ electronic sign
- 5.7-magnitude earthquake strikes NorCal city
- Covered California announces 13 health plans
- Jodi Arias sentencing: Judge declares mistrial
- abcnews: NY man rescued after month of alleged torture
- London attack investigation: 2 more arrests
- Amanda Bynes arrested in NYC on pot charge 14 min ago
- OTRC: 'Hangover 3,' 'Fast & Furious 6' film reviews 40 min ago