Earlier today, news broke that a file containing over 400,000 usernames and passwords, apparently stolen from a Yahoo service by a hacker collective, was posted online. The passwords appeared in “plaintext” (or “cleartext”), meaning they were unencrypted.

A security site that analyzed the posted data determined that the accounts were not just with Yahoo but also with other online services, including Gmail, AOL, Hotmail, and others, as well as a number of .GOV and .MIL addresses.

Yahoo has acknowledged the breach and released this statement to TechCrunch:

…We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised…

For advice on creating strong passwords, read our story “How to create a strong password (and remember it)“. And check the many tips in our Online Security Guide at ConsumerReports.org.

To find out whether any of your accounts’ credentials may have been exposed, you can check here: http://labs.sucuri.net/?yahooleak.

Sources:
Analysis of Yahoo Voice Password Leak – 453,441 Passwords Exposed. Sucuri Research Blog
Yahoo Confirms, Apologizes For The Email Hack, Says Still Fixing. Plus, Check If You Were Impacted (Non-Yahoo Accounts Apply) TechCrunch

Leave a Reply

*

*