Update: Yahoo's massive data breach includes Gmail, Hotmail, Comcast user names and passwords

Update: Yahoo's massive data breach includes Gmail, Hotmail, Comcast user names and passwords

Yahoo today confirmed a breach of its network, saying that not only Yahoo user names and passwords were stolen yesterday but also "other company users names and passwords." Yahoo said the data stolen is related to "an older file from Yahoo! Contributor Network (previously Associated Content)," the Web farm and multimedia content company it acquired two years ago for $100 million.

That Yahoo file of unspecified vintage contained about 400,000 Yahoo and other company users names and passwords that was dumped on the Internet included many associated with Google Gmail, Microsoft Hotmail, and AOL, Comcast and MSN accounts (see list below). Yahoo, which was not immediately available to discuss the data breach, said in a statement that when it comes to the Yahoo accounts, "less than 5% of the Yahoo! Accounts had valid passwords."

BACKGROUND: Yahoo investigating possible massive data breach

According to security firm Rapid7, the breakdown of the stolen account data from the Yahoo breach breaks down as follows in terms of various service provider accounts:

1. 137,559 2. 106,873 3. 55,148 4. 25,521 5. 8,536 6. 6,395 7. 5,193 8. 4,313 9. 3,029 10. 2,847

Marcus Carey, security researcher at Rapid7, said he believes that service providers should be alerting any users whose account information was stolen through Yahoo, and that users should be careful not to reuse passwords.

Yahoo apologized for the data breach and added, "We are fixing the vulnerability that led to the disclosure of the data, changing the passwords of the affected Yahoo! Users whose accounts may have been compromised."

A group calling itself D33D Company took credit for the data breach, which it said was accomplished through a SQL injection attack on a Yahoo server. This latest data spill -- the Yahoo data password data breach -- follows breaches at LinkedIn and eHarmony.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.

Read more about wide area network in Network World's Wide Area Network section.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments