jump to last post 1-6 of 6 discussions (13 posts)

Yahoo Hack

  1. melbel profile image92
    melbelposted 4 years ago

    I was notified by Twitter, Amazon, IMDB, and probably gobs of other sites down the road that I needed to change my password due to my email address appearing on the Yahoo hack text list.

    Although frustrated, I'm thankful that those sites warned me.

    I don't re-use passwords (or use things like 123456 as my password as the text list shows to be extremely common), so fortunately, I was just locked out of my accounts based on the fact that my email appeared on the list. I could only hope that others could be so lucky.

    I thought it would be nice if HP sent a warning to users because a bulk of the username/password credentials stolen were from Associated Content, a writing site that many hubbers use.

    There is a searchable cleartext list via Dazzlepod that HubPages could utilize in order to notify hubbers whose credentials appear on said list. Or maybe a PSA like, "Check your email address against this list. And don't reuse passwords."

    Just a thought.

    1. galleryofgrace profile image81
      galleryofgraceposted 4 years ago in reply to this

      You guys be careful- the email I received from Twitter was a scam. Or rather they claimed to be twitter. Never click on the links in the email. If you do, the site you arrive at is probably the scammers site. Many of them look very real. And if you go and change your password using their link you just gave them access to your account.
      I knew this because the email address they sent the phishing email to is not the one I use for twitter.

  2. Pearldiver profile image86
    Pearldiverposted 4 years ago


    It's far more than...

    'Just a Thought'

  3. Kangaroo_Jase profile image80
    Kangaroo_Jaseposted 4 years ago

    Because of this debacle, Ive had to change my passwords for 7 sites who got spooked about this.


    When I was in the corporate world, I had to change my password to my company account every month. I have never seen this for any site I use on the internet. Ever.

    Now THERE is an interesting thought.

  4. lorlie6 profile image86
    lorlie6posted 4 years ago

    I went to dazzlepod yesterday and apparently my accounts are okay.  But this situation is absolutely frightening-lesson learned.

    1. galleryofgrace profile image81
      galleryofgraceposted 4 years ago in reply to this

      Care to explain to the rest of us - exactly how you did that since dazlepod is simply a business website for which you all have caused many people to visit?

      1. 0
        Chris Hughposted 4 years ago in reply to this

        Google "dazzlepod yahoo" and you'll see that dazzlepod lets you check and see if your mail address was one of the ones hacked. Does that clear this up for you? Thanks for the friendly, open tone of your question. It's great to see questions asked and answered without insinuations.

      2. melbel profile image92
        melbelposted 4 years ago in reply to this

        Dazzlepod is just one of many sites that allows you to search by your email address to see if you were one of the several thousand users whose credentials were stolen by a group of hackers.

        While I'm not big on "hey, visit this company's site", they offer a helpful service in a time when a lot of people are finding themselves locked out of their online accounts. And, in fact, I didn't openly suggest that all hubbers check their email against dazzlepods list, but rather that HubPages use their database to create a list of hubbers they should warn. And who cares if it's dazzlepod that offers a free, searchable database for users to check? I didn't see an email from Yahoo saying, "Hey, Melanie, your sh*t's been stolen." If they profit in any way from it (do they show ads? idk), I don't have a problem with it, because really it's a service that really Yahoo! should be taking care of since it was their database that was hacked in the first place.

        PBS offers a similar service, but I found their database slow-to-load which probably wouldn't be a good option if you're going to be programatically searching a database (which is what I've proposed to HP staff.)

        And yes, don't click links in emails. That said, I truly was locked out of my Twitter, IMDB, and Amazon accounts since they did what I'm proposing what HP do: Notify hubbers if their email address appears on the list.

        Why? Because tons of people use the same password and handle across a number of accounts.

        If you used myemail@gmail.com with the password thisismypassword123 on Associated Content, it's likely that your password to login to HubPages is thisismypassword123. Maybe it's the same login info you use on Twitter, Amazon, and even your email account. If you reuse passwords AND appear on the stolen credential list, congratulations, a large group of hackers and, well now tons of people know your login information (potentially across several sites) since handles and passwords were publicly released on a text list via Twitter. Thus anyone can try your email and password set across several hundred sites to see if they can "get in".

        Bank accounts, HubPages, AdSense (heck, your entire Google account), eBay, whatever.

        And yeah, it only really pertains to people who reuse passwords, but enough people do this that it warrants a PSA.

  5. Dave Mathews profile image59
    Dave Mathewsposted 4 years ago

    I don't understand how there is a need to change your password here on Hub since we are a group of writers?

    1. Kangaroo_Jase profile image80
      Kangaroo_Jaseposted 4 years ago in reply to this

      No changes at this stage for HubPages Dave.

    2. melbel profile image92
      melbelposted 4 years ago in reply to this

      If you use the same password here as you use on other sites, there would be a need to change your password.

  6. viryabo profile image87
    viryaboposted 4 years ago

    I just checked dazzlepod and got this message:
    "You have been banned temporarily for making too many requests"

    Now this is baffling because i only tried to check a couple of minutes ago. 1 time!
    I remember when i tried to sign in a fw days ago, my "Security seal" (or something like that) was missing, so i just didn't sign in.

    Should i just change my P/W?

    1. melbel profile image92
      melbelposted 4 years ago in reply to this

      Hmm, that's really strange! I don't see a login form on the dazzlepod cleartext list anywhere. There's just a search box. Are you sure you're on the correct site? I don't see a login form anywhere on their site.

      dazzlepod.com/yahoo is the url for the searchable database, no login there, either. :S

      On a side note, if your time and date are incorrect on your computer, that would cause security certificate issues. Just noting this since it's the most common cause for cert problems, for me at least.