Yahoo hacked, 450,000 passwords posted online
July 12, 2012
Hackers posted online what they say is login information for more than 450,000 Yahoo users.
The hack, which of course was conducted anonymously, was meant to be a warning, according to the Web page where the documents were dumped.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” a note on the page said. “There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.”
The statement adds that the “subdomain and vulnerable parameters” that were used to hack the site were not posted “to avoid further damage.”
The Web page where the data was dumped was offline for much of Thursday morning.
Yahoo confirmed on Thursday the hack of Yahoo Voices, part of its news service, saying “approximately 400,000” usernames and passwords were stolen. But in a written statement, the company said that less than 5% of the breached Yahoo accounts had valid passwords.
“At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products,” the statement said. “We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised.”
Yahoo apologized in the statement and urged users to change their passwords on a regular basis.
Voices is an online publishing tool. Formerly known as Associated Content, it was acquired by Yahoo in 2010. Starting in its days as an independent company, many have criticized it as a “content farm,” a website that cranks out low-quality content designed to game search engines like Google to get page views and sell advertising.
Perhaps due to the similarity of the names, some early reports from security analysts and others identified the hack as impacting users of Yahoo Voice, the site’s Web phone service.
As it has after previous hacks, tech blog CNET broke down the list to find the most frequently used passwords. Many of them were embarrassingly easy to crack.
Sequential lists of numbers, like “12345,” were used 2,295 times, and “password” was used 780 times, out of the 450,000 passwords.