Yahoo and Twitter Accounts hacked

Jump to Last Post 1-5 of 5 discussions (9 posts)
  1. Stacie L profile image87
    Stacie Lposted 11 years ago

    Yahoo has been in the news lately ,because some hackers broke into their data base and stole thousands of passwords..I've had to log in and out repeatedly and change passwords often Now twitter is reporting the same problem..anyone else having this issue?

    "Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account. "

    http://blogs.wsj.com/wsjam/2012/07/13/y … _news_blog
    yikes

    replyreport
    1. Anamika S profile image69
      Anamika Sposted 11 years agoin reply to this

      I also received the notification. Instead of clinking on the link, I went to twitter and tried to log in but could not. So I reset the password using the 'forgot password' feature. Fortunately, I did not see any harm done through my Account.

      replyreport
    2. profile image0
      mts1098posted 11 years agoin reply to this

      I just checked my Yahoo account and it seems fine...thanks for the heads up and I will check it more frequently...cheers

      replyreport
  2. MyWebs profile image78
    MyWebsposted 11 years ago

    About 8 pm last night I received an e-mail from Yahoo stating that a file containing email and passwords from users enrolled in Associated Content prior to May 2010 was publicly posted online... We are sending this message to an email found in this file...

    I fail to understand why these companies are storing unencrypted information, especially in a file and not a database. These companies either have no clue about security or just don't care.

    Complete email follows.


    You may have read in press reports that Yahoo! recently confirmed an older file containing approximately 450,000 email addresses and passwords—provided by writers who had joined Associated Content prior to May 2010—was publicly posted on the Internet. This file was a standalone file that was not used to grant access to Yahoo! systems and services. This message is being sent to an email address in this compromised file.

    We are taking important steps to address this issue and have now fixed the vulnerability that led to the disclosure of the data and enhanced our underlying security controls. As a non-Yahoo! account holder, we apologize that we cannot provide you a direct means to secure your account. We strongly recommend that you employ the security mechanisms recommended by your email service provider to secure your account.

    Additionally, given the high frequency of consumers using the same login information on services across the Internet, we strongly advise users to:

    •  Change their passwords for any account they hold every few months,
    •  Use a different password for each service or website, and
    •  Create passwords using a mixture of characters, symbols, and numbers.

    We also suggest that you proactively monitor the activity on any account you have created online. Specifically, be on the lookout for spam originating from your email, and check your sign-in activity from time to time. If you see anything suspicious—like your account was accessed in Romania when you were home in Chicago—you should change your password immediately.

    We take security very seriously at Yahoo! and invest heavily in protective measures to ensure the security of our users and their data across all our products. In addition, we will continue to take significant measures to protect our users and their data.

    We sincerely apologize for this matter.
    Yahoo! Inc.

    replyreport
  3. Uninvited Writer profile image79
    Uninvited Writerposted 11 years ago

    I also got an email from Amazon telling me to change my password.

    replyreport
  4. Uninvited Writer profile image79
    Uninvited Writerposted 11 years ago

    It all seems related to Yahoo and people who might have the same password in different places.

    replyreport
    1. MyWebs profile image78
      MyWebsposted 11 years agoin reply to this

      Right....The problem is if you use the either the same email or password for your login information on other websites. While it is very stupid to do this, many users do do this to make password management simpler.

      replyreport
  5. MyWebs profile image78
    MyWebsposted 11 years ago

    OK I was wrong about part of this. The data was stored in a database, but leaked online in a text file. But still the passwords were stored in a format that wasn't hashed or salted which is totally unacceptable for any website, especially a website as big as Yahoo.

    The Yahoo email makes it sound like a file was hacked from their system while in fact it was their database that was hacked using SQL injection. The resulting compromised data was leaked online in a .txt file. Their email is very misleading.

    This leaked emails and passwords were from older Associated Content user accounts who had an account before Yahoo acquired AC. Prior to May 2010 according to the email from Yahoo.

    After searching for and downloading the leaked file of email addresses and passwords and searching out my email I'm relived to see that it was only my simple password I use for throw away websites. Thankfully it was not my much more secure password I stupidly reuse across many different websites. I should know better since I have a hub about 'Strong Passwords'. smile Still I went around to the websites I do actually care about and changed the passwords to very complicated 12 character long passwords just to be safe using a password manager program.

    It looks like it's time for everyone online to start using a password manager program in my opinion. I would bet after all these recent hacks the government is going to get involved sooner or later and start forcing these idiotic websites to properly secure user's data or fine them. Recently linkedin  was hacked, then the other day formspring and now this..

    While hashing and salting alone isn't secure, it is the bare minimum security they should be using. For a website not to be hashing and salting passwords is gross negligence in my opinion.

    replyreport
    1. Stacie L profile image87
      Stacie Lposted 11 years agoin reply to this

      Yes I was surprised to learn that the data base was not encrypted...really!?Yahoo!

      replyreport
jump to first post
 
working

This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, hubpages.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

 Necessary
 Features
 Marketing
 Statistics

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://corp.maven.io/privacy-policy

Show Details
Necessary
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
Features
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Marketing
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Statistics
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
ClickscoThis is a data management platform studying reader behavior (Privacy Policy)