If you’re a contributor to Yahoo Voices, which lets people submit content and get paid based on readership, change your password now. The hack that exposed the log-in information for nearly half a million people initially was thought to affect just Yahoo Mail users, but reviewing the illicitly obtained data disclosed many different email domains were involved, after which it seemed as though it was users of the similarly named Yahoo Voice VoIP calling service before the answer was found.
This all started when a crew calling itself D33DS Company posted a giant text file of email addresses and passwords online in plain text, in a document titled, “Owned and Exposed.” D33DS said its purpose was to expose weaknesses in Yahoo’s security, not to profit, but they have made the information available to those with more nefarious purposes.
As always, it’s surprising how weak many of the passwords are, with the ever-popular “12345” and “password” leading the pack. Others are simply embarrassing to be seen out in public.
In a statement published by TechCrunch, Yahoo representatives confirmed the breach, saying the stolen data was contained in an “older file,” and only about 5 percent of the exposed credentials were still valid on Yahoo.
“We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised,” the statement continued. “We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.”
Yahoo Voices – http://voices.yahoo.com
Trusted Sec – Yahoo! Voices Website Breached 400,000+ Compromised
Sophos’ Naked Security blog – Yahoo Voices hacked, nearly half a million emails and passwords stolen
Image is the Yahoo Voices logo