Yahoo hacked, 450K passwords posted online

By ABC7
LOS ANGELES

According to ABC News, some of those users were Gmail, Hotmail and AOL email account holders, meaning their information was also hacked.

Yahoo confirms as many as 450,000 email addresses and passwords got into the hands of hackers on Wednesday. The security breach targeted what the company said was an "old file" from the Yahoo Contributor Network, which is a content-sharing platform.

While Yahoo claims only 5 percent of the stolen passwords are valid, some computer security experts said the breach suggests the company was negligent in safeguarding the data.

"When that data is out there, it really is incumbent upon them to protect it wherever it might be and that wasn't being done," said Dr. Clifford Neuman, director of the USC Center for Computer Systems Security.

Neuman said the hackers, who call themselves the D33D Company, stole the un-encrypted passwords using an SQL injection, which is a tool used by hackers to extract data from vulnerable websites.

"The particular kind of attack that was exploited here is one that has been known for many years. We see it coming up again and again," said Neuman.

Yahoo on Thursday released a statement, saying, "We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users."

But security experts said users need to protect themselves from potential breaches. Neuman suggests choosing complex passwords and never using the same password for every site. And if you are a Yahoo user now, the first thing you need to do now is change your password.

"More importantly, you need to change your password not just on Yahoo, but on online banking sites where a lot of users will use the same username and password on the online banking site that they use on a site like Yahoo. You should never do this," said Neuman.

The hackers posted a full text document online containing the usernames and passwords and said the breach should be a "wakeup call" rather than a threat to Yahoo.

Copyright © 2024 KABC Television, LLC. All rights reserved.
TOP STORIES
California's top 6 safest cities are in Orange County, report says
LASD asks for help solving 2020 murder of man in Norwalk parking lot
Body found in U-Haul truck abandoned in Mid-City
Homeless man builds makeshift home next to 110 Freeway
Dubai airport remains jammed after historic rainfall in desert
LA restaurant offers support to purse-snatching victim after ABC7 post
LASD K-9 shot in Compton; bulletproof vest 'may have saved his life'
Show More
81 arrests during first Coachella weekend, down from last year
Red Lobster eyes bankruptcy after $11M in losses from endless shrimp
Ashanti and Nelly are engaged and expecting a baby
Crash that killed LA recruit firefighter not classified as hit-and-run
2 jurors dismissed from Trump's hush money trial
More TOP STORIES News