SHARE

If you’re a contributor to Yahoo Voices, which lets people submit content and get paid based on readership, change your password now. The hack that exposed the log-in information for nearly half a million people initially was thought to affect just Yahoo Mail users, but reviewing the illicitly obtained data disclosed many different email domains were involved, after which it seemed as though it was users of the similarly named Yahoo Voice VoIP calling service before the answer was found.

This all started when a crew calling itself D33DS Company posted a giant text file of email addresses and passwords online in plain text, in a document titled, “Owned and Exposed.” D33DS said its purpose was to expose weaknesses in Yahoo’s security, not to profit, but they have made the information available to those with more nefarious purposes.

AfterDawn has created a search box that let’s people see if their email address is one of those affected – click here – without exposing the entire list. It does not include the passwords.

As always, it’s surprising how weak many of the passwords are, with the ever-popular “12345” and “password” leading the pack. Others are simply embarrassing to be seen out in public.

In a statement published by TechCrunch, Yahoo representatives confirmed the breach, saying the stolen data was contained in an “older file,” and only about 5 percent of the exposed credentials were still valid on Yahoo.

“We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised,” the statement continued. “We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.”

Related links:

Yahoo Voices – http://voices.yahoo.com

AfterDawn – 450,000 Yahoo passwords leaked – check if yours is amongst them

TechCrunch – Yahoo Confirms, Apologizes For The Email Hack, Says Still Fixing

Trusted Sec – Yahoo! Voices Website Breached 400,000+ Compromised

EuroSec – Statistics about Yahoo leak of 450,000 plain-text accounts

Wired – Report: Half a Million Yahoo User Accounts Exposed in Breach

Sophos’ Naked Security blog – Yahoo Voices hacked, nearly half a million emails and passwords stolen

Image is the Yahoo Voices logo

LEAVE A REPLY