In blogpost on Friday,Yahoo announced to users that it had fixed the security flaw that allowed hackers to gain access to passwords of nearly 450,000 users.
The blogpost read,
The compromised information was provided by writers who had joined Associated Contentprior to May 2010, when it was acquired by Yahoo!. (Associated Content is now the Yahoo! Contributor Network.) This compromised file was a standalone file that was not used to grant access to Yahoo! systems and services.
We have taken swift action and have nowfixed this vulnerability,deployed additional security measures for affected Yahoo! users, enhanced our underlying security controls and arein the process of notifying affected users. In addition, we will continue to take significant measures to protect our users and their data.
The blogpost also asked users who joined Associated Content prior to May 2010 log into their Yahoo email address, where they will will asked a series of authentication questions to change their password and other security information.
According to reports, a previously unknown hacker group called D33DS Company, hacked into an unidentified subdomain of Yahoo’s website where they retrieved unencrypted account details and then posted these details online.
According to Computer World Yahoo also confirmed that the stolen account credentials belonged to registered users of its Yahoo Contributor Network, which was previously known as Associated Content.
Basically this is part of the Yahoo Contributor Network where users who contribute to the network are required to sign in using a Yahoo, Google or Facebook ID. This means that if you use log in to any user service provided by Yahoo via any other id such as Gmail or Facebook, you should also change your password for that account as it could have been hacked.
The Yahoo hacking is the second biggest so far this year, after LinkedIn was hacked a few months ago causing nearly 6 million users to lose access to their accounts. While tech security on the part of these Internet giants are a major cause of concern, Yahoo users too it seems are too blame for the fiasco. According toCNET, an analysis of the passwords, that were hackedfound that more than 2,200 of them were “123456” and 780 of the passwords were just “password.”
If that’s not giving hackers an easy way in, what is?