Skip to: Content
Skip to: Site Navigation
Skip to: Search


Horizons

Yahoo hack steals 400,000 passwords. Is yours on the list?

A Yahoo hack compromises 400,000 accounts. Here's how to see if yours was stolen.

By Curt Hopkins / July 12, 2012

A Yahoo hack revealed more than 400,000 accounts. In this May 20, 2012 file photo, a Yahoo sign stands outside the company's offices in Santa Clara, Calif.

Paul Sakuma/AP/File

Enlarge

Yahoo, which has taken its share of hits in the last few years, added another black mark against it today when the theft of more than 400,000 accounts and as many as 450,000, including email addresses and passwords, was discovered.

Skip to next paragraph

Recent posts

The hacked emails and passwords were posted in a large text file.

The theft has been credited to a black-hat hacking crew called D33D, who most likely breached the server for Yahoo Voices, previously known as Associated Content, with an SQL injection hack. Because Yahoo purchased Associated Content in 2010, many non-Yahoo identities have been breached, including some with Google and AOL emails.

According to the Guardian, some names date back to 2006 and may be from an old list.

Seeing one's users hacked is bad news to begin with for any company, but it appears that the passwords stolen from Yahoo were not encrypted. As Information Week noted, this could put Yahoo in position to be prosecuted. Yahoo has claimed publicly that the information was protected. However if it turns out that such data was not encrypted properly, a court may find those claims to be fraudulent. As security researcher Christopher Soghoian tweeted, “Strong chance of FTC deception case re: Yahoo password breach via claim it maintains reasonable electronic safeguards.”

CNET sorted through the hacked passwords to discover sequential numbers were used 2,295 times. Among the most popular passwords in the file were “123456,” “111111,” “password” and  “password” plus numbers.

The hackers told several publications “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call.” By so doing, D33D make a claim for being do-gooders. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

If you have used Yahoo Voices or Associated Content, Dazzlepod has made the information searchable by account name.

Permissions

Read Comments

View reader comments | Comment on this story

  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer

 

Doing Good

 

What happens when ordinary people decide to pay it forward? Extraordinary change...

Endeavor Global, cofounded by Linda Rottenberg (here at the nonprofit’s headquarters in New York), helps entrepreneurs in emerging markets.

Linda Rottenberg helps people pursue dreams – and create thousands of jobs

She's chief executive of Endeavor Global, a nonprofit group that gives a leg up to budding entrepreneurs.

 
 
Become a fan! Follow us! Google+ YouTube See our feeds!