Linking up accounts and services seems like it could make life easier, doesn’t it? That holds until you link things up on the Internet so closely that one security breach can lead to several, from your email accounts to your PayPal accounts, as well as the services you use on sites like Yahoo, MSN and Google. A theft of over 450,000 log-in credentials from a Yahoo service was recently discovered. Unfortunately, this theft was not limited to just Yahoo services, as many people link up their services with their email address, no matter what provider they may have.
The hackers, “D33Ds Company,” released a statement about the incident, stating that this should be a wake-up call to Yahoo for “lax security.”
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
While the theft of this data is scary, what is even more frightening is that, according to TrustedSec, the passwords and information were stored completely unencrypted.
Anders Nilsson, chief technology officer at Eurosecure, antivirus vendor ESET’s distributor in Scandinavia, revealed that the most common domain names for the leaked email addresses were aol.com, gmail.com, hotmail.com and yahoo.com. You can find even more statistics about this incident and the services affected on his blog. Surprisingly enough, the most common password is the one that everyone is told not to use: out of approximately 342,000 entries, 1,666 use the password 123456.
If you want to know whether you have been compromised, you can visit Sucuri Malware Labs and enter your email address. You will receive a message saying whether or not you were found in the leak. That is a lot easier than waiting for the D33Ds site (which is experiencing heavy traffic) to load a text list of all the email addresses harvested in the hack.
What does Yahoo have to say? “We are currently investigating the claims of a compromise of Yahoo! user IDs,” Caroline MacLeod-Smith, Yahoo’s head of consumer PR in the UK, said via email to PC World. “We encourage users to change their passwords on a regular basis and also familiarise themselves with our online safety tips at security.yahoo.com.”
If you have a Yahoo account, you should change your passwords immediately, and if you use any of the providers named above as the most likely to have been compromised, you should take time to change those passwords right now too. Remember to use unusual word and number combinations in your passwords, and you may want to avoid reusing passwords from other accounts that may also be compromised.