Yahoo! Hacked: It’s Friday the 13th

Posted by Pamela S. on Friday, July 13th, 2012

I never expect things to go wrong on Friday the 13th, because I’m not superstitious, but we’ll see. Technically, this happened yesterday. I’m not feeling the love for Yahoo! after my account was one of the usernames and passwords that was hacked.

Last night I started getting emails from Amazon and other sites where I have old accounts, informing me that they had reset my password because my email address and password were published. At first I thought it was a phishing attempt until I went online to see if there were any breaches.

Sure enough, Yahoo Voices (formerly Associated Content) had been hacked. According to security firm TrustedSec, more than 450,000 passwords were exposed. The passwords were not encrypted and were posted online. D33Ds.Co, a hacker site, is taking responsibility for the act. Here is their message:

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

My account was an old one I had not used in many years. I always use complicated passwords that are not that easy to crack. I know enough not to use “password” or “12345”. I do admit that I don’t change my passwords often enough and sometimes use the same password for different sites, even though I know better. I write about this stuff! I should be more careful, but like all of us, I get lazy.

How did I find out that mine was one of the email log-ins and passwords that was hacked? Dazzlepod has a searchable database of the hacked accounts, minus the passwords. Sure enough, mine was there.

I also checked Shouldichangemypassword.com. This site provides a free service that tracks hackers.  If you sign up, they will alert you when your information has been compromised. You only have to provide your email address, no passwords. This is the message I received when I checked my information:

“Your email, username, and password have been compromised at least 1 time(s). The most recent recorded occurrence is July 12, 2012. You should change all your passwords as soon as possible. Ensure that each password is at least 10 characters in length and is a combination of random upper and lower case letters, numbers, and symbols. Do not re-use the same password across multiple sites!”

This may be big news all over the Internet, but Yahoo is keeping quiet on their site. I never received an email from them informing me of the situation.

I try to come up with strong passwords, but that doesn’t help when a website doesn’t encrypt them.  According to CNET, “Declan McCullagh wrote a program to analyze the most frequently used passwords and e-mail domains that surfaced in the breach.” One thing that was learned from this hack is that a lot of people are still using weak passwords.

Hackers can cause a lot of damage. Because this information was posted online, anyone can access your accounts using your password if you haven’t changed it. This could lead to identity theft.

Learn what to do if your email account is hacked by reading “Hacked and Hijacked: What to Do if Your E-mail Account Gets Compromised“.

Meanwhile, I hope you don’t have any bad luck today. If a black cat crosses your path when you are out walking or training for a marathon, it’s just a cat.

Former FBI Assistant Director Tom Sheer has recruited the best from the FBI, DEA, IRS and Secret Service to build a formidable team at Sheer Investigations. Our private investigators have the sensitivity and experience to handle the most delicate investigations.