About 450,000 user accounts and passwords of Yahoo! were stolen and posted on the Web, which threatens to other sites email. Some logins Gmail (Google), Hotmail(Microsoft) and AOL are among those involved. The three companies said affected users can now reset their passwords.
Yahoo! released a statement apologizing for the violation of data privacy suffered yesterday before the attack by a group of hackers. “It is the latest setback for a company that has lost two senior executives in a year and is struggling to revive stalled revenue growth.
President Alfred Amoroso acknowledged that Yahoo! had experienced a “tumultuous year” in its annual shareholder meeting on the morning of Thursday. Chief executive Ross Levinsohn, was nevertheless optimistic about the progress of the company.
The incidence drew criticism from security experts who said that an Internet company like Yahoo! should do a better job in protecting user data. “This points to some very lax safety practices,” said Rob D’Ovidio, associate professor of criminal justice at Drexel University. As an example, said the hackers were able to produce more than 400,000 text passwords in one day. This indicates that Yahoo! or not figure at all, or uses an encryption method that was easy to crack, he said.
The LinkedIn professional networking service recently came under similar criticism. Security experts criticized the company for failing to use sophisticated encryption practices to protect your passwords, millions of which were leaked last month.
Yahoo! spokeswoman Dana Lengkeek explained that “previous file” had been stolen fromYahoo Contributor Network , an Internet publishing service that Yahoo! purchased about two years ago. This service helps writers, photographers and cameramen to sell their work via the Internet. “We are fixing the vulnerability that led to the disclosure of this information, change passwords for Yahoo! users and notify affected companies whose user accounts can be compromised,” he said.
AOL said the Yahoo data published on the Web include 1,699 valid passwords for accounts.Microsoft and Google declined to provide similar figures. Other companies whose customers were at risk include Comcast and Verizon Communications and AT & T, said researcher Marcus Carey.
AOL Vice President David Temkin said that spammers often use credentials obtained from violations such as that experienced in penetrating Yahoo! mail accounts and use them to send spam. The five most popular keys in the group were “123456”, “password”, “Welcome” and “Ninja” according to an analysis by ESET anti-virus software maker.