Yahoo! confirms password hack, as security firm reveals Gmail, Hotmail users affected
Friday, July 13, 2012/
Yahoo! has confirmed and apologised for a hacking attack on its Voice service that has affected about 400,000 users – but it appears the attack may have spread much further than the company’s own servers.
The password hack comes just months after a similar attack left several LinkedIn passwords vulnerable, with security experts warning business users to update and strengthen passcodes.
The leak has soured news of Yahoo’s settlement with Facebook last week over a patent dispute.
In a statement, Yahoo! has confirmed the hack affected usernames and passwords.
“We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users’ names and passwords was stolen yesterday, July 11.”
“We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users’ accounts may have been compromised.”
But according to internet security company Sucuri, Yahoo! email addresses aren’t the only ones affected. Sucuri has now identified several other domains, including over 100,000 from Gmail, 54,000 from Hotmail and 24,600 from AOL.
Sucuri chief technology officer Daniel Cid even confirmed there were passwords included in the data from government accounts.
The leak was originally made public by a hacking group called “D33D”, which posted a full document with all the usernames and passwords. It said the hack should serve as a “wake-up call” to the company.
“There have been many security holes exploited in webservers belonging to Yahoo Inc. that have caused far greater damage than our disclosure,” it said.
Sucuri has set up a website where people can determine if their email address has been hacked.
The hack comes during a relatively quiet year for hacking attempts, after 2011 saw a number of giant companies attacked, including Sony, Nintendo and cryptography token maker RSA.
However, last month LinkedIn suffered a huge blow when Sophos revealed a file containing over six million passwords had been posted to the internet. The company forced many users to change their passwords.
Feel the churn: How to bounce back after losing staff and clients Sue Parker DARE Group founder
“Motivation is a feeling, commitment is a mindset”: Why you should start investing in yourself right now Lisa Stephenson Who Am I Projects founder
How to call your team into action with a winning presentation Emma Bannister Presentation Studio founder
The link between diet and mental health — and how to eat your way to wellbeing Kate Save Be Fit Food co-founder
From interactive videos to AI: The five marketing trends that will dominate 2019 Warwick Boulter Collaboro co-founder
Australia is leading the legaltech revolution, but what does this mean for lawyers, firms and clients? Jodie Baker Xakia founder
Why a video news release needs to be part of your PR strategy Leisa Goddard Adoni Media managing director
Want to catch more customers? Here's how to create a super sales funnel Jovana Vujnic Bumper Leads founder