I want to share a warning that Yahoo sent to some account holders, and it’s worth noting because it’s a serious issue. Apparently someone was able to obtain email address information and matching passwords for Associated Content, and this could pose an issue for some people who use the same password (or password naming convention) on multiple websites.
Here’s what Yahoo emailed to account holders who were impacted:
“You may have read in press reports that Yahoo! recently confirmed an older file containing approximately 450,000 email addresses and passwords—provided by writers who had joined Associated Content prior to May 2010—was publicly posted on the Internet. This file was a standalone file that was not used to grant access to Yahoo! systems and services. This message is being sent to an email address in this compromised file.
We are taking important steps to address this issue and have now fixed the vulnerability that led to the disclosure of the data and enhanced our underlying security controls. As a non-Yahoo! account holder, we apologize that we cannot provide you a direct means to secure your account. We strongly recommend that you employ the security mechanisms recommended by your email service provider to secure your account.
Additionally, given the high frequency of consumers using the same login information on services across the Internet, we strongly advise users to:
– Change their passwords for any account they hold every few months,
– Use a different password for each service or website, and
– Create passwords using a mixture of characters, symbols, and numbers.We also suggest that you proactively monitor the activity on any account you have created online. Specifically, be on the lookout for spam originating from your email, and check your sign-in activity from time to time. If you see anything suspicious—like your account was accessed in Romania when you were home in Chicago—you should change your password immediately.
We take security very seriously at Yahoo! and invest heavily in protective measures to ensure the security of our users and their data across all our products. In addition, we will continue to take significant measures to protect our users and their data.
We sincerely apologize for this matter.
Yahoo! Inc.“
Associated Content (now Yahoo Voices) is a website for writers to publish articles. Domain investors may be impacted because Associated Content was used by some publishers to add links to their websites (for SEO and traffic). If you have/had an Associated Content account you should make sure you aren’t impacted.
I recommend having different logins and passwords for registrars, parking companies, email…etc.
I came “home” Thursday evening and could not access my email account. I thought it had been hacked as I have received dozens of emails purporting to be AT&T or Yahoo or Paypal etc over the last year or so stating they needed my signin and password for some reason or another. Anyway, my email is back but that was a scare given all the historical data in that email account. I went ahead and changed the passwords on a couple of other accounts.
The problem is many passwords can be reset via the email
Why did this list even exist in the first place. Companys should follow the golden rule with passwords. Treat people’s passwords how they would want their passwords to be treated. That being said, passwords should always be stored encrypted. If they are stored encrypted then nobody will be able to know what it is. It will not even be able to be retrieved, only reset. Any place that supports password retrieval is not encrypting your password, at least not appropriately.
FYI, you can use this database to check if your email was compromised (gmail, hotmail, aol, comcast and MSN are in there as well)
http://labs.sucuri.net/?yahooleak