Hackers posted online what they say is login information for more than 450,000 Yahoo users. The hack, which of course was conducted anonymously, was meant to be a warning, according to the Web page where the documents were dumped.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” a note on the page said. “There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.” The statement adds that the “subdomain and vulnerable parameters” that were used to hack the site were not posted “to avoid further damage.”
The Web page where the data was dumped was offline for much of Thursday morning. Yahoo confirmed on Thursday the hack of Yahoo Voices, part of its news service, saying “approximately 400,000″ usernames and passwords were stolen. But in a written statement, the company said that less than 5% of the breached Yahoo accounts had valid passwords.
“At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products,” the statement said. “We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised.” Yahoo apologized in the statement and urged users to change their passwords on a regular basis.
As it has after previous hacks, tech blog CNET broke down the list to find the most frequently used passwords. Many of them were embarrassingly easy to crack. Sequential lists of numbers, like “12345,” were used 2,295 times, and “password” was used 780 times, out of the 450,000 passwords.
As a Yahoo user, how often has your account been hacked? What measures do you take to ensure account security?
Image: Price N Fees