Yahoo! Confirms Data Breach; 400,000 Passwords At Risk

Jul 12, 2012

Yahoo said today that hackers had stolen and posted a file that contained 400,000 usernames and passwords.

The New York Times reports that those credentials were used not only for Yahoo! services but to services such as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, Bellsouth and Live.com.

The Times' Bits blog reports:

"The hackers claimed to have stolen the passwords using a hacking technique called an SQL injection, which exploits a software vulnerability.

"The breach comes just one month after LinkedIn, the online social network for professionals, had millions of user passwords exposed after hackers breached its systems. The breaches highlight the ease with which hackers are able to infiltrate systems, even at some of the most widely-used and sophisticated technology companies."

In a statement, Yahoo! told the BBC that the file stolen was an "older file from Yahoo Contributor Network."

"Of these, less than 5% of the Yahoo accounts had valid passwords," Yahoo! said. "We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users accounts may have been compromised."

The AP reports that the hackers, who call themselves D33D Company left a note with the stolen file.

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call," they said according to the AP.

As always, security experts recommend that you change your passwords on a regular basis.

Copyright 2012 National Public Radio. To see more, visit http://www.npr.org/.