

Yahoo confirms 400,000 passwords stolen

12 Jul 2012

Yahoo has confirmed reports that some 400,000 of its user passwords were stolen in a recent security breach.

The company on Thursday issued a statement confirming that on 11 July, an attacker had breached company systems and lifted the data from archived information related to the Yahoo Contributor Network. The company said that the information included account information from Yahoo and other services.

Earlier in the day, a group of hackers posted the stolen credentials online, claiming that they were not looking to encourage account theft, but rather alert Yahoo and other web application providers to the risks of bad security practices.

While the information covers hundreds of thousands of users, the company contends that only a small number of the lifted passwords will actually work as log-in credentials.

"Of these, less than five per cent of the Yahoo accounts had valid passwords," the company said.

"We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users' accounts may have been compromised."

The company is advising all of its users to adopt best practices for choosing and maintaining their login credentials.

Security vendors were quick to point to the incident as a call for enterprises to adopt tighter protections on their databases and employ additional management tools.

Slavik Markovich, chief technology officer for McAfee's database security division, said that the breach shows the need for companies to keep a close eye on even their old and seldom-accessed data.

"It is often the case that obvious database vulnerabilities, such as weak passwords and default configuration settings, are initially overlooked and never fully remediated," Markovich said.

"An organisation's sensitive information can never be adequately secured if it lacks dedicated tools and processes to gain complete visibility into their databases' security weaknesses and eliminate the opportunity for the bad guys to exploit them."

Mark Bower, vice president with Voltage Security, said that the Yahoo breach reflected a need for companies to place tighter controls on how user credentials are stored and protected.

"This breach just goes to show that even big companies aren’t taking enough steps to protect critical data," Bower said.

"If data is not protected, it is going to be breached at some point."

Shaun Nichols

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.
