Yahoo! Suffers Data Breach; More Than 450,000 User Names and Passwords Exposed

If your password looks something like “123456,” you might want to change it.

By Alice Cheng

Late Wednesday evening, hackers successfully breached Yahoo! security published a list of unencrypted emails and passwords. The list exposed the login information of more than 450,000 Yahoo! users. The hackers, who call themselves the D33D Company, explained that they obtained the passwords by using an SQL injection vulnerability—a technique that is often used to make online databases cough up information. The familiar method has been employed in other high-profile hacks, including of Sony and, more recently, LinkedIn.

However, unlike other malicious attacks, the D33D hackers claim that they only had good intentions: “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.”

The attempted wake-up call is apparently much needed, though often ignored. An analysis of the exposed Yahoo! passwords revealed that a large number were incredibly weak— popular passwords in the set ranged from sequential numbers to being merely “password.”

In a statement, Yahoo! apologized and stated that notifications will be sent out to all affected users. The company also urged users to change their passwords regularly.

 If you are a Yahoo! user, you may want to change your account password, as well as any accounts with similar login credentials. It will also be well worth your time to heed to the wake-up call and incorporate better password practices. Use a different password for each site, and create long passwords that include a mix of upper- and lower- case letters, numbers, and symbols. To help keep things simple, password management software (such as LastPass and KeePass) is also available to help keep track of the complex passwords you create.