LinkedIn, Last.fm, now Yahoo? Don't ignore news of a password breach.

A Yahoo hack stole passwords from 400,000 user accounts. Add those to the millions snatched last month and it's easy to feel numb toward these breaches. Resist that urge. Friends and associates may pay for your inaction.

Rick Wilking/Reuters
Yahoo reported the theft of 400,000 user names and passwords to access its own site as well as those of other companies, saying that hackers had taken advantage of a security vulnerability in its computer systems. Pictured, the Yahoo logo is seen at the Consumer Electronics Show (CES) in Las Vegas, Nevada, in 2008.

Yahoo confirmed Thursday that more than 400,000 user e-mail addresses and passwords have been compromised and posted online. The hackers claim to be do-gooders, breaking into Yahoo to shine a light on its potentially lax security.

Regardless of their intentions, the passwords are now online for everyone to see. The strike comes just a month after millions of passwords leaked onto the Internet. LinkedIn, the business-oriented social network, confirmed that nearly 6.5 million user passwords had wound up on websites frequented by criminal hackers. The same week, dating site eHarmony and the Internet radio service Last.fm acknowledged additional breaches that exposed the passwords of at least 1.5 million users.

If you use any of these sites, change your passwords immediately.

This rapid-fire series of announcements raises the question: Why would hackers target these sites? What could possibly be culled from someone's online résumé and dating history?

A lot, says Marian Merritt, Internet-safety advocate for the computer security company Symantec. People on LinkedIn share all kinds of information about their career history – names, associations, and department titles. Armed with details about someone's past, a hacker might pose as a former co-worker or pretend to be that person in order to scam people out of money.

"Oh, remember? We worked on this project back in '82," says Ms. Merritt, playing the part of a hacker who's laying the groundwork for a con. "I'm looking for X. Can you help me?"

This kind of scheme, called "spear phishing," requires a lot of effort, but going after the right target can be very lucrative. "The definition of a 'big fish' isn't necessarily the CEO of a corporation," says Merritt. "People often forget that churches manage money, membership dues, and whatever fundraisers. They have millions of dollars going through transactions, and it may be managed by somebody that doesn't have good security training because they're a volunteer or [work] part time."

Exposed passwords could also unlock other parts of a person's digital life. At the moment, it's unclear whether the ill-gotten passwords came with the corresponding usernames. Just in case, Gary Davis advises people to change passwords not only on the breached networks, but also on any website where they used the same login information.

"If I use the word 'password' as my password, and I use the e-mail address 'normangdavis,' well they can try that [combination] at my bank and see if that gets them in," says Mr. Davis, worldwide product marketing lead for security firm McAfee.

Fed up with remembering different passwords? Symantec and McAfee offer password managers. The paid services create unique logins for every site you use. You memorize a single password for the service – the software takes care of the rest.

For more on how technology intersects daily life, follow Chris on Twitter @venturenaut.

[Editor's note: This is an updated version of an article that appeared in the June 25 issue of the Monitor weekly magazine.]
