- Following the breach, Yahoo was criticized for not encrypting user data.
Another website has sprung a password leak! This time, the Yahoo Contributor Network became the victim of a password security breach that left more than 450,000 accounts potentially compromised.
A group going by “D33Ds Company” claimed responsibility for the hack and publicly posted data from 453,000 Yahoo accounts as proof. The hackers also issued a warning for the state of Yahoo’s security practices.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers wrote in a brief note alongside the password dump. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
Yahoo has begun investigating the breach and is taking steps to address the vulnerability that allowed D33Ds Company access. The incident also provides a good reminder of the importance of password security. It’s important to take measures to protect your accounts with good password practices.
More accounts at risk
In an ideal world, everyone would use different passwords for different websites. However, that gets tough to manage and many people use at least a few of the same passwords. While using the same password for multiple sites may be convenient, the practice makes password leaks more dangerous because it gives hackers access to even more user accounts.
A Washington Post survey conducted last month highlighted the prevalence of the problem, finding 16 percent of respondents used the same password for all websites. In addition, 30 percent said they sometimes use the same password for different websites, such as social networking and banking.
While you may not suffer too much damage if your Facebook account gets hacked, you might find yourself in a little more trouble if the same hacker can also access your bank or email accounts. It is more important to protect email than many people realize, since password recovery features for other websites rely on email, meaning a hacker with access to a user’s email can get into other accounts as well.
Do you use different passwords for each of your accounts? Are they easy to remember or complex?
