If you’re a contributor to Yahoo Voices, which lets people submit content and get paid based on readership, change your password now. The hack that exposed the log-in information for nearly half a million people initially was thought to affect just Yahoo Mail users, but reviewing the illicitly obtained data disclosed many different email domains were involved, after which it seemed as though it was users of the similarly named Yahoo Voice VoIP calling service before the answer was found.
This all started when a crew calling itself D33DS Company posted a giant text file of email addresses and passwords online in plain text, in a document titled, “Owned and Exposed.” D33DS said its purpose was to expose weaknesses in Yahoo’s security, not to profit, but they have made the information available to those with more nefarious purposes.
AfterDawn has created a search box that let’s people see if their email address is one of those affected – click here – without exposing the entire list. It does not include the passwords.
As always, it’s surprising how weak many of the passwords are, with the ever-popular “12345” and “password” leading the pack. Others are simply embarrassing to be seen out in public.
In a statement published by TechCrunch, Yahoo representatives confirmed the breach, saying the stolen data was contained in an “older file,” and only about 5 percent of the exposed credentials were still valid on Yahoo.
“We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised,” the statement continued. “We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.”
Related links:
Yahoo Voices – http://voices.yahoo.com
AfterDawn – 450,000 Yahoo passwords leaked – check if yours is amongst them
TechCrunch – Yahoo Confirms, Apologizes For The Email Hack, Says Still Fixing
Trusted Sec – Yahoo! Voices Website Breached 400,000+ Compromised
EuroSec – Statistics about Yahoo leak of 450,000 plain-text accounts
Wired – Report: Half a Million Yahoo User Accounts Exposed in Breach
Sophos’ Naked Security blog – Yahoo Voices hacked, nearly half a million emails and passwords stolen
Image is the Yahoo Voices logo