Yahoo! apologises for password breach

K. V. Kurmanath Updated - November 16, 2017 at 05:13 PM.

If the LinkedIn password heist last month has not prodded you to be more careful about your account security yet, here is another one. Yahoo! has confirmed a similar heist yesterday in which a folder with 4.5 lakh user names and passwords was compromised by hackers. The digital media company has apologised to users for the breach.

It, however, has not replied to a query on how many users in India were affected in the password breach.

“We take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously, Associated Content) was compromised on July 11,” a Yahoo! statement said.

Of these, less than 5 per cent of the Yahoo! accounts had valid passwords. “We are taking immediate action by fixing the vulnerability that had led to the disclosure of this data, changing the passwords of the affected users and notifying the companies whose user accounts may have been compromised,” it said.

“We encourage users to change their passwords on a regular basis and also familiarise themselves with our online safety tips at security.yahoo.com,” it said.

Mr Robert Siciliano, an online security expert at McAfee, has warned Internet users that it is their responsibility to take care of the security of their accounts.

“This disclosure now requires those currently exposed to change their password. The rule of thumb is to change your passwords frequently, every six months. It’s a cliché, but true, passwords need to be strong,” he said.

Breaking in

A common mistake people make is that they use dictionary or slang terms. Beware. Dictionary attacks use software that automatically plugs common words into password fields making password-cracking a walk in the park. For instance, password-cracking becomes almost effortless with a tool like John the Ripper or similar programmes, he said.

Cracking security questions is yet another method hackers use. Many people use first names as passwords, usually the names of spouses, children, other relatives, or pets, all of which can be deduced with a little research. “When you click the “forgot password” link within a Webmail service or other site, you’re asked to answer a question or series of questions,” a McAfee statement, quoting his blog after the Yahoo! breach happened.

>kurmanath@thehindu.co.in

Published on July 13, 2012 16:01