America

Yahoo! Confirms Data Breach; 400,000 Passwords At Risk

The Yahoo sign in Times Square in a 2006 file photo. i i

The Yahoo sign in Times Square in a 2006 file photo. Don Emmert /AFP/Getty Images hide caption

itoggle caption Don Emmert /AFP/Getty Images
The Yahoo sign in Times Square in a 2006 file photo.

The Yahoo sign in Times Square in a 2006 file photo.

Don Emmert /AFP/Getty Images

Yahoo said today that hackers had stolen and posted a file that contained 400,000 usernames and passwords.

The New York Times reports that those credentials were used not only for Yahoo! services but to services such as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, Bellsouth and Live.com.

The Times' Bits blog reports:

"The hackers claimed to have stolen the passwords using a hacking technique called an SQL injection, which exploits a software vulnerability.

"The breach comes just one month after LinkedIn, the online social network for professionals, had millions of user passwords exposed after hackers breached its systems. The breaches highlight the ease with which hackers are able to infiltrate systems, even at some of the most widely-used and sophisticated technology companies."

In a statement, Yahoo! told the BBC that the file stolen was an "older file from Yahoo Contributor Network."

"Of these, less than 5% of the Yahoo accounts had valid passwords," Yahoo! said. "We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users accounts may have been compromised."

The AP reports that the hackers, who call themselves D33D Company left a note with the stolen file.

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call," they said according to the AP.

As always, security experts recommend that you change your passwords on a regular basis.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.