Listen up Orange County residents: If you’re having trouble signing into Yahoo!, Twitter or Amazon, you could be one of hundreds of thousands of victims of a security breach announced this week by Yahoo.
While Yahoo! announced Friday that it had resolved the issue, the company confirmed on Thursday that more than 400,000 usernames and passwords were stolen and posted in an online hacker forum.
The breach may also extend to Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com users, according to the New York Times.
The compromised server was likely “Yahoo! Voices,” formerly Associated Content, according to TrustedSec.com.
The hacker group behind the breach is called D33DS Company. The group published 453,491 email addresses and passwords in the forum in plain text.
The group behind the breach added a note to the data dump, which the Times reports has since been taken offline.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers wrote.
But, points out Naked Security blogger Anna Brading, whether or not the hacker group plans to use the information illegally, the data was available for anyone to access.
“There are certainly questions which need to be answered - such as how were the hackers able to gain access to the information, and what measures was the site taking to ensure that even if its databases were breached, the passwords would not be easy to convert into plain text,” Brading wrote.
In a statement released to TechCrunch, Yahoo said it takes security seriously and invests heavily in protective measures to ensure the security of its users and their data, adding that fewer than 5% of the Yahoo! accounts had valid passwords.
This announcement came just after another social media platform, Formspring, announced that it had experienced a similar security breach, which caused the company to disable all 28 million of its users' passwords.
Keep Your Passwords Safe
A company that developed a script to check the affected passwords said that a large percentage of them were very simple and easy to hack, making them “unsafe.” In fact, CNet reports that the most popular password on the Yahoo! list was 123456—and there were 2,295 instances.
“I’m not saying that complicated passwords can’t be hacked,” wrote a Wired blogger. “I am saying that someone who uses starwars is going to get hacked before someone who uses F1r3F17Ru13s.”
If you think you might be among those with unsafe passwords, check out this list of tips for creating “safe” passwords.
- Use passwords with eight or more characters.
- Try to include upper and lowercase letters in your passwords.
- Also include numbers and symbols such as &, !, #, @, % when possible.
- Use different passwords for each account.
More Resources for Safe Passwords
- Generate random passwords with WolframAlpha
- Use a password manager such as LastPass
- Use Microsoft’s Secure Password Checker
- Tips for Creating Secure Passwords from Productivity 501
- Yahoo! Security Center