Yahoo passwords hacked, likely taken through Yahoo Voices

[err0r]

Yahoo is looking into a major hack that slurped up the usernames and passwords of 435,000 accounts Thursday.

 

According to the security firm TrustedSec, a hacking group known as D33D Company picked up the passwords from Yahoo Voices, the Sunnyvale, Calif.,-based company’s crowd-sourced publishing platform. Yahoo Voices, formerly known as Associated Content, invites users to submit articles through the Yahoo Contributor Network.

 

The security firm said that the passwords and usernames appeared to be stored without encryption in plain text. That means anyone can use the information.

 

Yahoo did not immediately respond to a request for comment but said in a statement to the Associated Press that it is looking into the claims of a compromise. Yahoo’s consumer public relations chief for the United Kingdom, Caroline MacLeod-Smith, told the news service that she couldn’t provide more details about the breach that the company is investigating, including the size of the attack.

 

CNet reported that the hacking group said they wanted to give a “wake-up call” to Yahoo to boost its security measures and to individual users to strengthen their passwords.

 

According to the report, one of the most common passwords was “123456.” Other popular passwords included “111111” and “000000.”

 

VentureBeat’s John Koetsier wrote that he believes the file may be an old backup of the service, explaining that he tried two of the username and password combinations posted by the hacking group and found that neither worked.

 

“My guess right now, although it’s early in the investigation, is that the 435,000 accounts are pre-Yahoo,” he wrote, saying that they may be from Associated Content’s databases before Yahoo bought the company in 2010.

 

Still, as Koetsier notes, many people use the same usernames and passwords for multiple accounts, and it isn’t a far jump for hackers to search other sites where they think the same passwords might work.

 

If you have ever contributed or signed up to contribute to Yahoo Voices or Associated Content, it’s well worth changing that password — and changing your passwords and usernames for any other account with the same log-in information.

 

As password hacking becomes more and more common, members of Congress are pushing for data protection legislation that would set guidelines for security for customers’ personal information.

 

Source: The Washington Post