Yahoo fixes glitch that let hackers access half a million passwords
YAHOO has fixed a glitch in its security software that allowed hackers to access 450,000 email addresses and passwords, which they then leaked online last week.
In a statement on the company blog, a spokesman for Yahoo wrote: “Yahoo! recently confirmed that an older file containing approximately 450,000 email addresses and passwords was compromised. The compromised information was provided by writers who had joined Associated Content prior to May 2010, when it was acquired by Yahoo. (Associated Content is now the Yahoo! Contributor Network.) This compromised file was a standalone file that was not used to grant access to Yahoo systems and services.
“We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo! users, enhanced our underlying security controls and are in the process of notifying affected users. In addition, we will continue to take significant measures to protect our users and their data.”
Hackers belonging to a group called D33Ds Company posted the Yahoo account information on a public website in what they described as "a wake-up call" last week.
David Emm, senior security researcher at Kaspersky, said: "Unfortunately, many people use the same password for multiple online accounts. This brings with it the risk that a compromise of one account puts all their accounts at risk. We would urge everyone to use a unique, complex password for all online accounts, i.e. one that is at least eight characters and mixes letters, numbers and symbols."
In a message posted along with the leaked data, the hackers said: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat."
The note added: "There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."
The leak is the latest in a stream of attacks on high-profile websites. Last month, more than six million passwords for the professional social networking service LinkedIn were published online. Days later, music website Last.fm warned users of a potential password theft.
Yahoo has been struggling to define its purpose and goals for the last several years.
Earlier this year, its previous chief, Scott Thompson, left after it was discovered that his CV included a computer science degree that he did not in fact possess.
Thompson also disclosed that he had been diagnosed with thyroid cancer.
Levinsohn, the new CEO appointed to replace Thompson, said in May 2012 that the company is on a ‘bumpy road but heading in the right direction’.