Yahoo has confirmed that passwords of Yahoo Voices users and non Yahoo email addresses have been hacked. Gmail, MSN, Hotmail, Comcast and AOL accounts have also been hacked. (Yahoo! Voices allows you to sign in with non-Yahoo! email addresses.)
The leaked email accounts information first appeared online early Thursday morning by a hacker group called “D33ds”.
A list titled “Owned and Exposed” which is created by the D33Ds Company was posted online revealing a number of details for the service including all of the email addresses and passwords for approximately 450,000 users.
The email addresses and passwords were leaked for all to see as the passwords were stored unencrypted.
The site hosting the information is intermittently down; however, Mashable reports that they were able to open the document and verify that it did in fact contain user emails and password data.
The group remarked that it created the document to be a “Wake-up call” rather than a threat.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the document says. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure.
“Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
There’s also a quote from Jean Vanier in its closing remarks: “Growth begins when we begin to accept our own weakness.”
How to check if your email address, password was compromised
Check if your email information was compromised by clicking here.
Gmail, MSN, Hotmail, Comcast and AOL accounts hacked
The Results showed that around 135,599 emails came from yahoo.com; but that a further 106,185 came from gmail.com; 54,393 from hotmail.com; 24,677 from aol.com; 8,422 from comcast.net and 6,282 msn.com. Daniel Cid, the CTO, also noted that there were multiple passwords from government accounts.
Examples of weak passwords-They were actually found by Sucuri.
Meanwhile, Sucuri, the company that created the above script, also has started to analyst the breached list. It identified some of the most common domains in the hacking list, including the most common passwords, and further analysis on password length.
Other parts of the leaked data are true to form: “123456″was used as the password for 1,666 of the accounts whereas “password” was used for 780 of them. People still use such passwords!
Other frequent ones were common first names, as well as other number variations (123123). Seven characters is the most common length of passwords.
The news comes just one day after 420,000 member accounts from social network Formspringwere compromised, and a few weeks after millions of passwords were hacked for sites such as LinkedIn, eHarmony and Last.fm.
“At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products,” the company said in a statementto TechCrunch.
“We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised,” the company said. “We apologize to affected users.”
Yahoo! also encouraged users to regularly update passwords and familiarize themselves with safety tips at security.yahoo.com.