Yahoo recently announced that it has fixed the vulnerability in its system that led to the unauthorized release of more than 450,000 email passwords from users of Yahoo Voices. According to a blog post by Yahoo, “We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo! users, enhanced our underlying security controls and are in the process of notifying affected users. In addition, we will continue to take significant measures to protect our users and their data.”
The released data affected only users who joined Associated Content before May 2010, when Yahoo acquired the company. According to Yahoo, “This compromised file was a standalone file that was not used to grant access to Yahoo systems and services.” The next time the affected users sign in to their Yahoo accounts, they will be asked to answer a series of authentication questions to change and validate account details, according to Yahoo.
The company added, “At Yahoo we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We sincerely apologize to all affected users.” Those affected users encompass 453,491 people whose emails and passwords were posted online by hacker group D33DS Company, according to security firm Sophos. In a recent response to Sophos, D33DS Company stated, “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.”
Sophos recently released a new blog post that highlighted some of the insecure passwords many of the Yahoo hack victims were using. This included 1,666 people who used “123456” as their password and an additional 780 users who used “password” as their password. Among the other top choices were passwords like “welcome”, “ninja”, “sunshine”, “princess” and “qwerty”. I suddenly don’t feel as bad for these people as I used to.
Yahoo isn’t the only one that got hacked this week. Nvidia recently announced that it shut down its Developer Zone after it was hacked. That hack may have allowed the hacker to gain access to password information as well. In addition to Nvidia and Yahoo, Phandroid was also hacked, with that breach occurring on its Android forums.
Source: PC Mag – Yahoo Patches Email Vulnerability