100,000 Gmail accounts put at risk by Yahoo! breach

Updated happygeek 0 Tallied Votes 426 Views Share

If the news that the Yahoo! Contributor Network user-generated content site has been breached and more than 450,000 usernames and passwords compromised as a result wasn't bad enough, look behind yesterdays headlines and the situation is revealed to be much, much worse. If you were one of those folk who signed into the Yahoo! Contributor Network with your Gmail or Hotmail credentials, then those accounts are also obviously now compromised.

dweb-yahoohack

The D33Ds Co hacker collective has published a file containing all the login data from the breach, which appears to have been as simple as the most basic of SQL injection exploits. No, seriously: Yahoo! (one of the biggest Internet brands on the planet) appears to have fallen victim to one of the easiest of all security vulnerabilities to defend against.

If that wasn't bad enough, the login data of paired usernames and passwords also appear to have not been encrypted and just sat there on the database in plain text format. At least the LinkedIn breached passwords were hashed, if not salted, whereas Yahoo! apparently couldn't even be bothered with basic encryption of any kind.

It's not even that Yahoo! can blame the Associated Content site that it acquired for $100 million and turned into the Yahoo! Contributor Network for the lax security measures. That acquisition was two years ago now, plenty of time for Yahoo! to have sewn it up tight. The statement from Yahoo! that "we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products" really doesn't seem to quite gel with this particular episode I'm sorry to say.

Yahoo! itself claims that no more than 5% of the published logins are current, but even if those claims are correct that would still leave 22,500 folk at risk. And anyway, this breach goes beyond just being a case of 'your breach was bigger than mine' as any breach of any size is a security lapse too far. Plus, of course, as I've hinted at already the breach also puts other system logins at risk. A quick analysis of the hacked file would seem to suggest more than 100,000 Gmail accounts are included, and more than 50,000 Hotmail accounts.

The usual advice applies: if you have ever used the Yahoo! Contributor Network service, or the Associated Content site before it, change your password. If you have ever logged in with your Gmail or Hotmail accounts, then change those as well. And do it now.

Rob Rachwald, Director of Security Strategy at Imperva, says "Sadly, this breach highlights how enterprises continue to neglect basic security practices. One would think the recent LinkedIn breach would have encouraged change, but no. Rather, this episode will only inspire hackers worldwide".

You can check if your email address appears on the list of hacked accounts using this tool.

Mike+9 0 Light Poster

It's really no surprise considering that Yahoo Messenger is as bugged and easy to hack. And they wonder why they are going down...

john29 0 Light Poster

security breach is one of the most sought after question on our online world. this is a shame for google.

PrimeOutsourcin -2 Junior Poster in Training

Yahoo must focus in tightening their security now so that they can win over their users.

Seten -1 Junior Poster

So basically with all the leaked private information, logins, passwords, etc, do we still need cloud? Maybe a law should be created to compensate the users(victims), in case of data breach. Simple sorry is not enough for me as it is starting to be a mayor problem and companies are not learning from mistakes of other companies until it is too late for them. But they are doing the opposite, hiding the leak, saying it is unimportant or throwing the problem on other 3rd party companies.

juliasrobert 0 Newbie Poster

Yahoo must focus in tightening their security now so that they can win over their users.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.