Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Big Data / 400K Users' Data Exposed at Yahoo
400,000+ Users' Data Exposed at Yahoo Voices
400,000+ Users' Data Exposed at Yahoo Voices
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Yahoo Voices has been hacked. More than 400,000 accounts have been exposed, according to TrustedSec. The firm reports that clear-text passwords were posted online.

"The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000-plus usernames and passwords are now public," the firm said. "The method for the compromise was apparently an SQL Injection attack to extract the sensitive information from the database."

A hacker group named D33DS Company posted the e-mails and passwords online. Security firm Sophos said in a company blog post that it hoped the parties responsible for managing the security of the subdomain would take it as a wake-up call rather than a threat.

Yahoo Apologizes

Yahoo confirmed the breach, which occurred on July 11 from what it called an "older file" on the Yahoo Contributor Network, and apologized to its consumers. Yahoo Voices allows users to post their own text, photos and video as stories for others to see.

"Of these, less than 5 percent of the Yahoo! accounts had valid passwords," Yahoo said in a published statement. "We are fixing the vulnerability that led to the disclosure of this Relevant Products/Services, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised."

Social Breaches

We caught up with Anna Branding, a security analyst for Sophos, to get her take on the Yahoo breach. Sophos has reported several similar breaches over the past few weeks, including at, LinkedIn and eHarmony.

"It's really about the bad guys targeting sites and services which are commonly used," Branding told us. "Hackers follow people, so by their very nature social applications are prime targets. There's little point in targeting services with very few users."

What can Yahoo and the rest learn about security in the wake of these breaches -- or, perhaps more pointed, what should they learn? Branding said you can never be sure something is 100 percent secure, with hackers constantly finding new ways to access information.

"Organizations must ensure their systems and software are as secure as possible by encrypting the data stored on them -- so even if an attacker manages to gain access, the data they steal will be of little use to them," Branding said. "We're not talking just the obvious data such as usernames, passwords and credit card details, even innocuous information such as e-mail addresses should be stored securely."

Branding said security should be a consideration from Day One of a project. Attempting to retrospectively secure a poorly designed application or system is always going to be more difficult. In some of these cases, she said, the organizations affected have been slower to react than one would hope. Anyone can become a victim of an attack, she concluded, but it's important to inform customers as soon as possible so they take action.

Password Protection

We asked Fred Touchette, senior security analyst at AppRiver, how consumers can protect themselves. He told us the first step is to create a strong password.

"Even though it's nearly impossible to make anything 100 percent secure," Touchette said, "by utilizing multi-layered security practices, beginning with your password, you will make it much harder for anyone to get a hold of your private data and information."

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.