Yahoo Japan suspects 22 million user IDs exposed

Although no passwords were included in the haul, Yahoo Japan appears to have had the user ID information for 22 million of its users leaked during an attack on 16 May. The company detected the attack based on the volume of traffic between back end administration systems and the external internet and it is from the size of that transfer that it estimates the file of 22 million login names, around a tenth of its 200 million members, was involved. Yahoo Japan could not, though, be sure that the data had been taken but told the AFP that "we can’t deny the possibility, given the volume of traffic".

Yahoo Japan is reported to have told users to reset their passwords, despite passwords or identity verification data not being taken, and has said it will improve its security measures. The user ID data is of limited use but could be used in a phishing attack, possibly leveraging the company's suggestion that users should reset their passwords. When a company asks you in email to reset the password you use, never use any links in the email it sends; the email could well be a phishing attempt and the links would send you to fake pages asking for your current log in details.

Yahoo Japan, a collaboration between Japan's SoftBank and the US Yahoo!, is currently the top search engine in the country with a 50 per cent market share; Google holds around 40 per cent share.

(djwm)