Yahoo password breach extends to Gmail, Hotmail

Advertisement
By Reuters | Updated: 13 July 2012 10:08 IST
More than 400,000 Yahoo Inc user names and passwords were stolen and published on the Web, putting other websites at risk as well, after hackers exploited a vulnerability in Yahoo's computer systems.

Some logins for Google Inc, AOL Inc and Microsoft Corp services were among those compromised. The three companies said they required affected users to reset passwords for sites including Gmail, AOL, Hotmail, MSN and Live.com.

Yahoo issued a statement apologizing for the breach, the latest setback for a company that has lost two chief executives in a year and is struggling to revive stalled revenue growth.

Advertisement

Chairman Alfred Amoroso acknowledged that Yahoo had experienced a "tumultuous" year at its annual shareholder meeting on Thursday morning. Interim CEO Ross Levinsohn told attendees he was optimistic about the company's progress.

The breach prompted criticism from security experts who said that a major Internet firm like Yahoo should do a better job at protecting user data.

Advertisement

"This points to some very lax security practices," said Rob D'Ovidio, associate professor of criminal justice at Drexel University.

As an example, he noted that the hackers were able to produce more than 400,000 cleartext passwords within a day. That indicates that Yahoo either did not encrypt them at all or used an encryption method that was easy to crack, he said.

Advertisement

The professional networking service LinkedIn recently came under similar criticism. Security experts chided the company for failing to use sophisticated encryption practices to secure its passwords, millions of which were released following a breach last month.

What happened?
Yahoo spokeswoman Dana Lengkeek said "an older file" had been stolen from Yahoo Contributor Network, an Internet publishing service that Yahoo purchased about two years ago. It helps writers, photographers and videographers to sell their work over the Web.

Advertisement

"We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users' accounts may have been compromised," she said.

AOL said the Yahoo data published on the Web included valid passwords for 1,699 accounts. Microsoft and Google declined to provide similar numbers.

Other firms whose customers were at risk include Comcast Corp, Verizon Communications Inc and AT&T, Rapid7 researcher Marcus Carey said. He estimated that tens of thousands of accounts of users of services other than Yahoo were affected by the breach.

AT&T and Verizon did not have any immediate comment. Officials with Comcast could not be reached.

AOL Senior Vice President David Temkin said spammers typically use credentials like the ones stolen from Yahoo to break into email accounts and use them to send out spam.

"In this case, I think we actually got ahead of it before the people who stole those accounts were able to use them," Temkin said.

The five most popular passwords in the group were "123456", "password", "welcome" and "ninja", according to an analysis by anti-virus software maker ESET.

Copyright Thomson Reuters 2012

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: AOL, Gmail, Hotmail, Yahoo, live.com, msn
Advertisement

Related Stories

Popular Mobile Brands
  1. Samsung Schedules Galaxy Unpacked 2026 Event for July 22 in London
  2. Nothing Phone (4b) Debuts in India, Limited RCB Edition Tags Along
  3. Nothing Ear (3a) With 'Audio Snapshot', Call Recording Support Launched
  1. Samsung Galaxy Unpacked 2026 Date Announced; Galaxy Z Fold 8, Flip 8, Watch 9 Series Expected
  2. Made by Google Event for Pixel 11 Launch Set for August 12: What to Expect
  3. Qualcomm Executive Teases Snapdragon Chip for Upcoming Samsung Galaxy Devices
  4. BonkDAO Suffers $20 Million Loss Through Malicious Governance Proposal
  5. iPhone Air 2 Tipped to Feature Bigger Battery, Dual Rear Cameras
  6. Apple and Broadcom Agree to Extend Chip Supply Partnership Till 2031, Regulatory Filing Reveals
  7. Qubo Dashcam Pro 2K With Front, Rear Cameras Launched in India; Company Showcases AI Smart Home Portfolio
  8. Google Is Reportedly Working on an Option to Disable Gemini Live's Guided Vision Feature
  9. Ripple Receives Full MiCA Approval in Luxembourg for Crypto Asset Services in Europe
  10. Nothing Ear (3a) Launched With 45dB ANC, 'Audio Snapshot' and Call Recording Support: Price, Features
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.