PhotoYahoo has confirmed that hackers were able to break into servers and steal more than 450,000 user names and passwords.

The good news, the company says, is most are for an old service and many are no longer active. The company calls it a "wake-up call more than a threat."

According to Yahoo, the unencrypted user names and passwords are for a division called Yahoo Voices, a self-publishing company that was originally called Associated Content. The user names and passwords were posted online by hackers, who said they acted only to call attention to Yahoo's vulnerabilities.

Yahoo, meanwhile, downplayed the breach. In a statement, it noted that only about five percent of the passwords were still active. Yahoo said it is in the process of fixing the breach and is notifying parties that may have been compromised.

More serious?

However, the breach could be more serious than it seems at first glance. The data published online also includes email addresses that Yahoo Voice clients used when registering. Some security experts note that if the passwords used for Yahoo Voices were also the ones used for the email accounts, there could be a more serious breach.

"The only silver lining on the cloud is that the website hosting the passwords is temperamental, and people are experiencing difficulties accessing the information," Anna Brading, os Sophos Security Software wrote in her blog. "But maybe the access problems are being caused by so many people trying to access the stolen passwords at once?"

AOL reports only about seven of the its 25,000 AOL Mail addresses revealed in the Yahoo breach had the same passwords on their email accounts.

Yahoo said it is changing affected users' passwords and notifying companies with accounts that might have been compromised.


Share your Comments