Yahoo confirms 400,000 passwords stolen

12 Jul 2012

Yahoo has confirmed reports that some 400,000 of its user passwords were stolen in a recent security breach.

The company on Thursday issued a statement confirming that on 11 July, an attacker had breached company systems and lifted the data from archived information related to the Yahoo Contributor Network. The company said that the information included account information from Yahoo and other services.

Earlier in the day, a group of hackers posted the stolen credentials online, claiming that they were not looking to encourage account theft, but rather alert Yahoo and other web application providers to the risks of bad security practices.

While the information covers hundreds of thousands of users, the company contends that only a small number of the lifted passwords will actually work as log-in credentials.

"Of these, less than five per cent of the Yahoo accounts had valid passwords," the company said.

"We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users' accounts may have been compromised."

The company is advising all of its users to adopt best practices for choosing and maintaining their login credentials.

Security vendors were quick to point to the incident as a call for enterprises to adopt tighter protections on their databases and employ additional management tools.

Slavik Markovich, chief technology officer for McAfee's database security division, said that the breach shows the need for companies to keep a close eye on even their old and seldom-accessed data.

"It is often the case that obvious database vulnerabilities, such as weak passwords and default configuration settings, are initially overlooked and never fully remediated," Markovich said.

"An organisation's sensitive information can never be adequately secured if it lacks dedicated tools and processes to gain complete visibility into their databases' security weaknesses and eliminate the opportunity for the bad guys to exploit them."

Mark Bower, vice president with Voltage Security, said that the Yahoo breach reflected a need for companies to place tighter controls on how user credentials are stored and protected.

"This breach just goes to show that even big companies aren’t taking enough steps to protect critical data," Bower said.

"If data is not protected, it is going to be breached at some point."

Shaun Nichols

Shaun Nichols is the US correspondent for He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.
