Yahoo criticised after passwords appear online
By Stewart Mitchell
Posted on 12 Jul 2012 at 10:00
Security experts have criticised Yahoo for storing passwords in plain text, after the login details were leaked online.
Yahoo Voice users are being urged to change logins on other services they use the same password for after hackers published nearly half a million account details.
Yahoo has yet to confirm the hack – although it has told PC Pro it is working on a statement on the issue – but security experts are taking the issue seriously after 453,000 account details went public.
They have hit out at the fact the passwords were stored without encryption, which meant once they were posted online anyone could access the names and passwords of affected users.
Since all the accounts are in plain-text, anyone with an account present in the leak which also has the same password on other sites should assume that someone has accessed their account.
“The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public,” said researcher David Kennedy on the TrustedSec blog. “The method for the compromise was apparently a SQL Injection attack to extract the sensitive information from the database.”
According to a report from Ars Technica, which saw the post before it was taken down, the hack was claimed by hacker group D33Ds Company, which said it wanted to highlight weaknesses in Yahoo's security.
Another month another password to change. Might as well do all of them once a month at this rate. Yahoo deserve a rocket up the behind for such lapse security procedures. Thankfully I don't have anything worth keeping registered to that account but it's not the point. They should keep this data safe to start with.
By mr_chips on 12 Jul 2012
If you saw what we do at Should I Change My Password mr_chips, you'd be changing it every day!
By ShayneTilley on 13 Jul 2012