Yahoo! confirms data breach
Yahoo! has confirmed that approximately 450,000 email addresses and passwords from its login system have been leaked on the internet. The breach was publicised after security expert Kevin Mitnick posted about it on Twitter and was initially believed only to concern the Yahoo! Voice service.
According to Yahoo!, an "old file" from the Yahoo! Contributor Network content sharing platform was compromised and is the source of the login data. The company says that only around 5 per cent of the leaked 450,000 email address and password combinations have valid passwords.
Yahoo! has stated that it is working on fixing the vulnerability and will change the passwords of affected users as well as notify other companies whose user accounts have been affected by the breach. In addition to the 140,000 Yahoo! email addresses, there were over 100,000 Gmail addresses and many from Hotmail and other services. In its statement, the company has apologised to all users affected by the data leak.
The leak could easily have been prevented by storing the email addresses and passwords in a secure fashion. For an explanation of how server administrators can accomplish this, see the feature "Storing passwords in uncrackable form" from The H. Unfortunately, many of the passwords were quite weak; an analysis by CNET found that "123456" was the most popular password and that 780 users still think "password" is a good password.