Yahoo! confirmed that the speculations of the search and news portal being attacked by a hack were true. It also said that more than 450,000 accounts were affected by this attack but at the same time Yahoo tried to save itself an explanation by stating that hackers have got hold of a file that contained a list of users with older usernames and passwords. It also stated that they got hold of file from its contributor network, Yahoo Voices and Associated Content.
What comes as a surprise to those who have already seen the list of hacked accounts is that the list not only had the e-mail addresses of Yahoo! account holders, but also a number of Gmail, Hotmail and other addresses as well. This means that it has become even easier for the hackers to make another attempt of hacking the other services, specially if someone uses the Yahoo password for its other accounts as well.
Experts are of the view that phishing attacks will sound genuine following this hack as the e-mails will come from known people. Everyone irrespective of Yahoo! account holders should watch ut for suspicious emails. Also, as a preventive measure after an attack like this, it is advisable that all Yahoo account holders change their password as well as modify those of other accounts that have the same password.
Despite this not being the first time Yahoo! has been experiencing such an issue, it is facing more criticism because the file that the hackers have posted revealed that the identity info was saved in plain text rather than in coded language.
“Sadly, this breach highlights how enterprises continue to neglect basic security practices,” researcher Rob Rachwald wrote on security firm Imperva’s blog. “To add insult to injury, the passwords were stored in clear text and not hashed (encoded). One would think the recent LinkedIn breach would have encouraged change, but no. Rather, this episode will only inspire hackers worldwide.”
Shedding responsibility off its shoulders, Yahoo! said that the file that was taken was an older file that predates Yahoo’s 2010 acquisition of Associated Content and that the file was a “standalone” that did not have connections to other parts of Yahoo’s systems.
However, Yahoo! has giving assurance to its users by saying that it is working quickly to find and fix flaws in its system. It has also assured that the affected users will receive information about the breach next time they access their account.