jump to last post 1-5 of 5 discussions (9 posts)

Yahoo and Twitter Accounts hacked

  1. Stacie L profile image88
    Stacie Lposted 4 years ago

    Yahoo has been in the news lately ,because some hackers broke into their data base and stole thousands of passwords..I've had to log in and out repeatedly and change passwords often Now twitter is reporting the same problem..anyone else having this issue?

    "Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account. "

    http://blogs.wsj.com/wsjam/2012/07/13/y … _news_blog

    1. Anamika S profile image71
      Anamika Sposted 4 years ago in reply to this

      I also received the notification. Instead of clinking on the link, I went to twitter and tried to log in but could not. So I reset the password using the 'forgot password' feature. Fortunately, I did not see any harm done through my Account.

    2. mts1098 profile image84
      mts1098posted 4 years ago in reply to this

      I just checked my Yahoo account and it seems fine...thanks for the heads up and I will check it more frequently...cheers

  2. MyWebs profile image84
    MyWebsposted 4 years ago

    About 8 pm last night I received an e-mail from Yahoo stating that a file containing email and passwords from users enrolled in Associated Content prior to May 2010 was publicly posted online... We are sending this message to an email found in this file...

    I fail to understand why these companies are storing unencrypted information, especially in a file and not a database. These companies either have no clue about security or just don't care.

    Complete email follows.

    You may have read in press reports that Yahoo! recently confirmed an older file containing approximately 450,000 email addresses and passwords—provided by writers who had joined Associated Content prior to May 2010—was publicly posted on the Internet. This file was a standalone file that was not used to grant access to Yahoo! systems and services. This message is being sent to an email address in this compromised file.

    We are taking important steps to address this issue and have now fixed the vulnerability that led to the disclosure of the data and enhanced our underlying security controls. As a non-Yahoo! account holder, we apologize that we cannot provide you a direct means to secure your account. We strongly recommend that you employ the security mechanisms recommended by your email service provider to secure your account.

    Additionally, given the high frequency of consumers using the same login information on services across the Internet, we strongly advise users to:

    •  Change their passwords for any account they hold every few months,
    •  Use a different password for each service or website, and
    •  Create passwords using a mixture of characters, symbols, and numbers.

    We also suggest that you proactively monitor the activity on any account you have created online. Specifically, be on the lookout for spam originating from your email, and check your sign-in activity from time to time. If you see anything suspicious—like your account was accessed in Romania when you were home in Chicago—you should change your password immediately.

    We take security very seriously at Yahoo! and invest heavily in protective measures to ensure the security of our users and their data across all our products. In addition, we will continue to take significant measures to protect our users and their data.

    We sincerely apologize for this matter.
    Yahoo! Inc.

  3. Uninvited Writer profile image82
    Uninvited Writerposted 4 years ago

    I also got an email from Amazon telling me to change my password.

  4. Uninvited Writer profile image82
    Uninvited Writerposted 4 years ago

    It all seems related to Yahoo and people who might have the same password in different places.

    1. MyWebs profile image84
      MyWebsposted 4 years ago in reply to this

      Right....The problem is if you use the either the same email or password for your login information on other websites. While it is very stupid to do this, many users do do this to make password management simpler.

  5. MyWebs profile image84
    MyWebsposted 4 years ago

    OK I was wrong about part of this. The data was stored in a database, but leaked online in a text file. But still the passwords were stored in a format that wasn't hashed or salted which is totally unacceptable for any website, especially a website as big as Yahoo.

    The Yahoo email makes it sound like a file was hacked from their system while in fact it was their database that was hacked using SQL injection. The resulting compromised data was leaked online in a .txt file. Their email is very misleading.

    This leaked emails and passwords were from older Associated Content user accounts who had an account before Yahoo acquired AC. Prior to May 2010 according to the email from Yahoo.

    After searching for and downloading the leaked file of email addresses and passwords and searching out my email I'm relived to see that it was only my simple password I use for throw away websites. Thankfully it was not my much more secure password I stupidly reuse across many different websites. I should know better since I have a hub about 'Strong Passwords'. smile Still I went around to the websites I do actually care about and changed the passwords to very complicated 12 character long passwords just to be safe using a password manager program.

    It looks like it's time for everyone online to start using a password manager program in my opinion. I would bet after all these recent hacks the government is going to get involved sooner or later and start forcing these idiotic websites to properly secure user's data or fine them. Recently linkedin  was hacked, then the other day formspring and now this..

    While hashing and salting alone isn't secure, it is the bare minimum security they should be using. For a website not to be hashing and salting passwords is gross negligence in my opinion.

    1. Stacie L profile image88
      Stacie Lposted 4 years ago in reply to this

      Yes I was surprised to learn that the data base was not encrypted...really!?Yahoo!