Skip to footer

Yahoo hack steals 400,000 passwords. Is yours on the list?

A Yahoo hack compromises 400,000 accounts. Here's how to see if yours was stolen.

|
Paul Sakuma/AP/File
A Yahoo hack revealed more than 400,000 accounts. In this May 20, 2012 file photo, a Yahoo sign stands outside the company's offices in Santa Clara, Calif.
  • By Curt Hopkins

Yahoo, which has taken its share of hits in the last few years, added another black mark against it today when the theft of more than 400,000 accounts and as many as 450,000, including email addresses and passwords, was discovered.

The hacked emails and passwords were posted in a large text file.

The theft has been credited to a black-hat hacking crew called D33D, who most likely breached the server for Yahoo Voices, previously known as Associated Content, with an SQL injection hack. Because Yahoo purchased Associated Content in 2010, many non-Yahoo identities have been breached, including some with Google and AOL emails.

According to the Guardian, some names date back to 2006 and may be from an old list.

Seeing one's users hacked is bad news to begin with for any company, but it appears that the passwords stolen from Yahoo were not encrypted. As Information Week noted, this could put Yahoo in position to be prosecuted. Yahoo has claimed publicly that the information was protected. However if it turns out that such data was not encrypted properly, a court may find those claims to be fraudulent. As security researcher Christopher Soghoian tweeted, “Strong chance of FTC deception case re: Yahoo password breach via claim it maintains reasonable electronic safeguards.”

CNET sorted through the hacked passwords to discover sequential numbers were used 2,295 times. Among the most popular passwords in the file were “123456,” “111111,” “password” and  “password” plus numbers.

The hackers told several publications “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call.” By so doing, D33D make a claim for being do-gooders. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

If you have used Yahoo Voices or Associated Content, Dazzlepod has made the information searchable by account name.

You've read 3 of 3 free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.
Subscribe
QR Code to Yahoo hack steals 400,000 passwords. Is yours on the list?
Read this article in
https://www.csmonitor.com/Technology/Horizons/2012/0712/Yahoo-hack-steals-400-000-passwords.-Is-yours-on-the-list
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe
CSM logo

Why is Christian Science in our name?

Our name is about honesty. The Monitor is owned by The Christian Science Church, and we’ve always been transparent about that.

The Church publishes the Monitor because it sees good journalism as vital to progress in the world. Since 1908, we’ve aimed “to injure no man, but to bless all mankind,” as our founder, Mary Baker Eddy, put it.

Here, you’ll find award-winning journalism not driven by commercial influences – a news organization that takes seriously its mission to uplift the world by seeking solutions and finding reasons for credible hope.

Explore values journalism About us