Yahoo! Passwords Stolen, Posted Online - NBC 10 Philadelphia

Yahoo! Passwords Stolen, Posted Online

Approximately 400,000 email addresses and passwords were taken by hackers



    What the Tech? Yahoo Hacked

    Yahoo was hacked on Thursday and 400,000 email addresses and passwords were posted online. NBC10's Vince Lattanzio reports. (Published Thursday, July 12, 2012)

    Hundreds of thousands of email addresses and passwords were stolen from Yahoo! servers after a hacker attack, the web pioneer says.

    Yahoo! tells NBC10 that an older file containing 400,000 Yahoo! and other company usernames and passwords -- like GMail and Hotmail -- were taken yesterday. Yahoo! says the file is from the company's Contributor Network.

    That network allows individuals to write and post content which is then hosted across the company's network of websites.

    Yahoo! says less than five percent of the accounts had valid passwords, adding they are changing the passwords of affected Yahoo! users.

    "We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised," the company said in a statement to NBC10. "We apologize to affected users."

    Online security firm TrustedSec had previously reported the hackers stole 453,000 login credentials from the company's Voices website.

    A group called the D33D Company is claiming responsibility for the hack.

    A Ukraine-registered website associated with D33D Company was unreachable Thursday, but a text file containing all of the login information was still accessible. An email address and a phone number attributed to the site's registrant also appeared to be invalid.

    Yahoo!'s breach is at least the third major hacking in two months.

    Just yesterday, the social network Formspring admitted hackers stole more than 400,000 encrypted passwords from one of their servers. In response, Formspring forced all 30 million users to change their passwords.

    Last month, professional networking site LinkedIn had more than 6.4 million passwords stolen.

    Digital security firm Sucuri set up an online form to quickly check if your information was included in the data breach. It is available here.