Save Money / Consumer News
Yahoo hacked, 450K passwords posted online
LOS ANGELES (KABC) -- Just a month after LinkedIn suffered a major breach of its data, users of Yahoo Voices have now been targeted. Several hundred thousand passwords and email addresses were stolen by hackers.
According to ABC News, some of those users were Gmail, Hotmail and AOL email account holders, meaning their information was also hacked.
Yahoo confirms as many as 450,000 email addresses and passwords got into the hands of hackers on Wednesday. The security breach targeted what the company said was an "old file" from the Yahoo Contributor Network, which is a content-sharing platform.
While Yahoo claims only 5 percent of the stolen passwords are valid, some computer security experts said the breach suggests the company was negligent in safeguarding the data.
"When that data is out there, it really is incumbent upon them to protect it wherever it might be and that wasn't being done," said Dr. Clifford Neuman, director of the USC Center for Computer Systems Security.
Neuman said the hackers, who call themselves the D33D Company, stole the un-encrypted passwords using an SQL injection, which is a tool used by hackers to extract data from vulnerable websites.
"The particular kind of attack that was exploited here is one that has been known for many years. We see it coming up again and again," said Neuman.
Yahoo on Thursday released a statement, saying, "We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users."
But security experts said users need to protect themselves from potential breaches. Neuman suggests choosing complex passwords and never using the same password for every site. And if you are a Yahoo user now, the first thing you need to do now is change your password.
"More importantly, you need to change your password not just on Yahoo, but on online banking sites where a lot of users will use the same username and password on the online banking site that they use on a site like Yahoo. You should never do this," said Neuman.
The hackers posted a full text document online containing the usernames and passwords and said the breach should be a "wakeup call" rather than a threat to Yahoo.
save money / consumer news, jovana lara
- Nelson Mandela dies in South Africa at age 95 20 min ago
- IE domestic-violence murder suspect at large
- Girl killed while walking in IE crosswalk
- Los Angeles Co. social workers go on strike
- Montebello remains are not human - coroner
- IE basketball coach accused of sexual misconduct
- New cold front to bring chance of rain, snow 16 min ago
- UCSB meningitis: Student's legs amputated
- US teacher shot dead in Libya's Benghazi
- abcnews: Teen saved after swallowing magnets
- 2015 Ford Mustang still has plenty of muscle
- Over 2 million Internet accounts hacked
- Oscar Isaac can relate to 'Llewyn Davis'
- OTRC: Keri Russell, husband Shane Deary separate
- Cool Kid raises money for children's hospital
47 min ago