450,000 Yahoo passwords leaked onlinePasswords were unencrypted

13 July 2012

Yahoo leaks passwords

Internet search company Yahoo has had 453,000 passwords and user names leaked onto the internet by hackers.

Yahoo, which is also a popular email provider with around 298 million monthly users, confirmed that the leak had occurred, although it claims that it is old data and only 5% of the user name and password combinations were currently valid.

The hack is believed to have only affected users of the Yahoo Voice service, although if you are a Yahoo user we would suggest changing your password immediately - as well as those of any other site where you have used the same password. Read our blog post on how to create a strong password for help choosing a new secure password.

According to security firm TrustedSec the published user names are associated with email addresses from yahoo.com, gmail.com and aol.com.

Unencrypted passwords

Yahoo has been criticised for storing the details without encryption - allowing the hackers to publish the details in plain text so anyone can read them. The hack itself was performed using a technique called 'SQL injection' to access information from Yahoo's database. SQL injections exploit weaknesses in online web forms and database software to expose the contents of online databases to attackers.

Not just emails and passwords leaked

Security firm Imperva has also suggested that information such as names, addresses, post codes, phone numbers and dates of birth could also have been accessed by the hackers - although this hasn't been published online.

This is the latest in a long line of high profile security leaks, following the leak of 8 million passwords from LinkedIn and eHarmony in June.

More on this...