Yahoo confirms 400,000 passwords stolen

[Starbuck]

Yahoo has confirmed reports that some 400,000 of its user passwords were stolen in arecent security breach.

 

The company on Thursday issued a statement confirming that on 11 July, an attacker had breached company systems and lifted the data from archived information related to the Yahoo Contributor Network. The company said that the information included account information from Yahoo and other services.

 

Earlier in the day, a group of hackers posted the stolen credentials online, claiming that they were not looking to encourage account theft, but rather alert Yahoo and other web application providers to the risks of bad security practices.

 

While the information covers hundreds of thousands of users, the company contends that only a small number of the lifted passwords will actually work as log-in credentials.

 

"Of these, less than five per cent of the Yahoo accounts had valid passwords," the company said.

 

"We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users accounts may have been compromised."

 

The company is advising all of users to adopt best practices for choosing and maintaining their login credentials.

 

Security vendors were quick to point to the incident as a call for enterprises to adopt tighter protections on their databases and employ additional management tools.

 

Slavik Markovich chief technology officer for McAfee's database security division, said that the breach shows the need for companies to keep a close eye on even their old and seldom-accessed data.

 

 

 

Source:

http://www.v3.co.uk/v3-uk/news/2191339/yahoo-confirms-400-000-passwords-stolen