We've seen some serious hacking over the last few years, with the last notable tech-related hack being Sony, but now Yahoo! have joined the ranks of victims being hit. Yahoo! confirmed that it had the usernames, and passwords of over 400,000 accounts stolen from its servers earlier this week, and that data from these accounts were posted online briefly.
The data has since been yanked offline, but it turns out that it wasn't just for Yahoo! accounts, as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com login info was also taken on the day and placed online. Those who hacked the servers said that they did it simply to show Yahoo! the weaknesses in their security software, elaborating:
We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.
Yahoo!'s response was that they had a fix for the vulnerability coming soon, and that the investigation is ongoing and its systems has yet to be fully secured. Yahoo! apologizes for the breach, and are advising users to change their passwords immediately.
At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.
- > NEXT STORY: Metal Gear Solid 5 has been masquerading as Project Ogre
- < PREVIOUS STORY: ESGN Winter 2012 Coverage from the University of New South Wales