.

Don't Get Hacked: Secure Your Online Yahoo and Other Passwords Now

A recent security breach left more than 400,000 Yahoo! and other online passwords exposed to the world. Patch rounds up the facts and offers tips and resources for making online passwords more secure.

Listen up Orange County residents: If you’re having trouble signing into Yahoo!, Twitter or Amazon, you could be one of hundreds of thousands of victims of a security breach announced this week by Yahoo.

While Yahoo! announced Friday that it had resolved the issue, the company confirmed on Thursday that more than 400,000 usernames and passwords were stolen and posted in an online hacker forum.

The breach may also extend to Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com users, according to the New York Times.

The compromised server was likely “Yahoo! Voices,” formerly Associated Content, according to TrustedSec.com.

The hacker group behind the breach is called D33DS Company. The group published 453,491 email addresses and passwords in the forum in plain text.

The group behind the breach added a note to the data dump, which the Times reports has since been taken offline.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers wrote.

But, points out Naked Security blogger Anna Brading, whether or not the hacker group plans to use the information illegally, the data was available for anyone to access.

“There are certainly questions which need to be answered - such as how were the hackers able to gain access to the information, and what measures was the site taking to ensure that even if its databases were breached, the passwords would not be easy to convert into plain text,” Brading wrote.

In a statement released to Tech Crunch, Yahoo said it takes security seriousy and invests heavily in protective measures to ensure the security of its users and their data, adding that less than 5% of the Yahoo! Accounts had valid passwords.

This announcement came just after another social media platform called Formspring announced that it had experienced a similar security breach, which caused the company to disable all 28 million of its passwords.

Keep Your Passwords Safe

A company that developed a script to check the affected passwords said that a large percentage of them were very simple and easy to hack, making them “unsafe.” In fact, CNet reports that the most popular password on the Yahoo! list was 123456—and there were 2,295 instances.

“I’m not saying that complicated passwords can’t be hacked,” wrote a Wired blogger. “I am saying that someone who uses starwars is going to get hacked before someone who uses F1r3F17Ru13s.”

 If you think you might be among those with unsafe passwords, check out this list of tips for creating “safe” passwords.

  • Use passwords with eight or more characters.
  • Try to include upper and lowercase letters in your passwords.
  • Also include numbers and symbols such as &, !, #, @, % when possible.
  • Use different passwords for each account.

More Resources for Safe Passwords

Alberto Barrera July 15, 2012 at 02:54 AM
You could also take a look at a blog post I made last year during the Summer of Lulz http://sanjuancapistrano.patch.com/blog_posts/a-lesson-in-password-security
Eric Bergstrom July 15, 2012 at 04:26 PM
Thank you, Patch! How can I find out whether or not my identity and information was stolen? Do you have a link to the 400,000 email addresses that were affected?
Panglonymous July 15, 2012 at 11:13 PM
TechCrunch 7/12/12: "Meanwhile, security specialists are now parsing the data and one [Sucuri] has created a script to check if your email address (which doesn't have to be a @yahoo.com address) is among those exposed." http://techcrunch.com/2012/07/12/yahoo-confirms-apologizes-for-the-email-hack-says-still-fixing-plus-check-if-you-were-impacted-non-yahoo-accounts-apply/ http://en.wikipedia.org/wiki/TechCrunch http://en.wikipedia.org/wiki/Sucuri Sucuri.net page, "Yahoo Leak Password Checker" (linked in TechCrunch article): http://labs.sucuri.net/?yahooleak FWIW, it's not an https (secure) page.

Boards

More »
Got a question? Something on your mind? Talk to your community, directly.
Note Article
Just a short thought to get the word out quickly about anything in your neighborhood.
Share something with your neighbors.What's on your mind?What's on your mind?Make an announcement, speak your mind, or sell somethingPost something
See more »