That means that it’s even easier for hackers to ride a ripple effect off of the attack to other services and mine users’ address books for phishing attacks, especially if anyone used their Yahoo Voices account password for those accounts.
Phishing attacks can be particularly effective because the e-mails come from people the recipients know. That means everyone — regardless of whether they have a Yahoo account or not — should be on the lookout for a rise in suspicious e-mails, particularly if they link to Web sites with no context or just a line that says, “I thought this was really cool. You should check it out.”
As is always advisable with a hack of this kind, if you had a Yahoo Voices or Associated Content account, you should immediately change your password there and on any other account that uses the same password.
This is not the first major data breach of the summer, but Yahoo is catching more criticism than LinkedIn, eHarmony, Last.fm or Formspring because the file that hackers at the D33D Company posted shows the credentials were posted in plain text.
“Sadly, this breach highlights how enterprises continue to neglect basic security practices,” researcher Rob Rachwald wrote on security firm Imperva’s blog. “To add insult to injury, the passwords were stored in clear text and not hashed (encoded). One would think the recent LinkedIn breach would have encouraged change, but no. Rather, this episode will only inspire hackers worldwide.”
Yahoo said Friday that it has acted quickly to patch the vulnerability in its systems and is letting affected users know that their accounts are open to breaches.
The company said that the file that was taken was an older file that predates Yahoo’s 2010 acquisition of Associated Content and that the file was a “standalone” that did not have connections to other parts of Yahoo’s systems.
The company said it has also beefed up its security measures for affected users and “enhanced our underlying security controls.”
Those whose accounts may have been compromised will be prompted to authenticate their accounts and change their passwords the next time they log in, the company said.