Jump to content
Sign in to follow this  

Yahoo breach puts users of other sites at risk

Recommended Posts

Yahoo breach puts users of other sites at risk

Thu Jul 12, 2012 2:21pm EDT

By Jim Finkle

 

BOSTON (Reuters) - Yahoo Inc reported the theft of some 400,000 user names and passwords to access websites including its own, saying that hackers had taken advantage of a security vulnerability in its computer systems.

 

The security firm Rapid7 said a data file published on the Web contained logins and cleartext passwords for Yahoo as well as several other Internet services, including Google Inc's Gmail and AOL as well as Microsoft Corp's Hotmail, MSN and Live sites.

 

"It's way bigger than Yahoo," said Rapid7 researcher Marcus Carey. "We can assume that tens of thousands of people on services outside of Yahoo could be compromised."

 

Yahoo apologized for the breach in a written statement, responding to the latest piece of bad news for a company that has lost two chief executives in a year and is struggling to revive stalled revenue growth.

 

Chairman Alfred Amoroso acknowledged that Yahoo had experienced a "tumultuous" year at its annual shareholder meeting on Thursday morning. Interim CEO Ross Levinsohn told attendees he was optimistic about the company's progress.

 

Yahoo spokeswoman Dana Lengkeek did not respond to a request asking her to identify the companies whose credentials were stolen. Officials with Google, AOL and Microsoft could not immediately be reached for comment.

 

Yahoo did not disclose how many passwords were valid or say how many of the stolen logins were for Yahoo's sites.

 

Lengkeek said "an older file" had been stolen from Yahoo Contributor Network, an Internet publishing service that Yahoo purchased about two years ago. It helps writers, photographers and videographers to sell their work over the Web.

 

"We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised," she said.

 

The theft follows a breach reported last month by the business networking service LinkedIn, which resulted in the release of some 6.4 million member passwords.

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
You are posting as a guest. If you have an account, please sign in.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...