453,000 Yahoo Accounts Leaked

First Sony, then LinkedIn, and now Yahoo is on the list of companies that are victims to hacking.

Recently, 453 thousands Yahoo user accounts (both username and password) were leaked onto the internet. Although it sounds like Yahoo emails were the only ones that are affected, Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com login credentials was on the list also (usually for login for Yahoo services like flickr). Yahoo has confirmed that the usernames and passwords of over 400,000 accounts stolen from its servers earlier this week and the data was briefly posted online.

Although the organization responsible for hacking Yahoo servers and pulling out over 400 thousand users to show to the public, they said that they have done it to simply show how Yahoo’s security was weak. They said

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.

As of right now, the list of user credentials was pulled off the internet, though the credentials is out there now.

In response, Yahoo said they are working on a patch to the security hole, but the investigation is ongoing and its system has yet to be fully secured. As of right now, Yahoo is apologizing users for the breach and reminding them to change their password immediately. Yahoo release a note…

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.

One security firm has pulled the list of user credentials that was online for a brief moment in time and created a simple tool to check if you are affected.