450,000 user passwords leaked in Yahoo security breach

Yahoo confirmed yesterday that over 450,000 users’ passwords and email addresses have been leaked by a group of hackers calling itself “The D33Ds Company”.

The group published a list of email addresses and passwords which is believed to only affect users of the Yahoo Voice service, although consumer advice giant Which urged all Yahoo users to change their passwords immediately.

Some of the leaked information also came from gmail.com, hotmail.com and aol.com domains, according to security firm TrustedSec, and Yahoo has been criticised for storing the personal information without encryption. This allowed the hackers to publish the details in plain text, rendering the details readable to anyone who cared to access them.

With around 298 million monthly users, Yahoo has potentially done itself irrevocable damage in its failure to protect the passwords of users. Further panic has been caused following security firm Imperva’s suggestion that more sensitive information has been leaked, including names, addresses, phone numbers and birthdays, although this has not been published for public access. 

In, perhaps, a feeble attempt at reassurance, Yahoo claims that only 5% of the user name and password combinations were presently valid, and that the rest of the data was old and no longer relevant to users. A company statement said, “We apologise to all affected users”.

If nothing else, the leaked list does give us an insight into users’ mindsets when choosing passwords designed to protect sensitive and personal information. 1,673 of the leaked passwords were ‘123456’, while a staggering 804 of the users listed simply chose ‘password’.

Emily Eastman