Image Credit: Yahoo

Yahoo Hacked What to Do

What’s all this buzz about Yahoo Voices? Well, hackers have struck again. Recently, they were able to compromise the password security for hundreds of account on LinkedIn: a networking site used by thousands of proffesionals. Now they have set out to – if you can believe it - teach Yahoo a lesson. Yup folks, Yahoo has been hacked.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers said in a comment at the bottom of the data. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

The hacked data contained more than 453,000 login credentials, apparently obtained from Yahoo Voices (according to TrustedSec report.) Yahoo Voices is an associated content website where people like me and you voice our opinions and expertise on a variety of topics and get paid to do so.

What that means is while these hackers wanted to “teach Yahoo a lesson” your login credentials may be out there for the world to see.  To make matters worse the information was hosted on Yahoo’s servers in plain text (which is why it was so easy to hack) and then re-posted for all the world to see. If you have ever used Yahoo Voices, like me, and got paid then your bank account could potentially be compromised by other hackers who now have access to your account.

You can find out if your email and password are listed here.

*note* pay attention to the part where you can ask to have your email removed from the list, if it is indeed found in the search!

Whether or not your name is on the list, I would change your password immediately. The hackers made a point that many of Yahoo’s subdomains are vulnerable and I wouldn’t be surprised if something like this happened again. If you’re name IS on the list and that password is used on other accounts I would change those as well.

So what does Yahoo have to say about all of this? I found this waiting for me when I logged into my Yahoo Voices account.

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised on July 11. For information on this issue and how it will be resolved, please visit our Bulletin Board Forum (updated 7/13 with information released by Yahoo here). We will contact you privately today if your account was affected.

Gee, thanks Yahoo but I would have more faith in how much you took my security “very seriously and invested heavily in protective measures” if hackers hadn’t obtained over 453,000 login credentials and then called you out on it.

Speaking of which, how do you feel about the hackers actions? Immoral? Obviously. But I can’t decide whether to applaud their gall or take them by their ear and give them a firm talking to. Because they wanted to teach Yahoo a lesson – which I believe is code for showing off – they could have potentially opened a bigger can of worms and compromised thousands of peoples private information. Not okay.