Yahoo today confirmed a breach of its network, saying that not only Yahoo user names and passwords were stolen yesterday but also "other company users names and passwords." Yahoo said the data stolen is related to "an older file from Yahoo! Contributor Network (previously Associated Content)," the Web farm and multimedia content company it acquired two years ago for $100 million.
That Yahoo file of unspecified vintage, which was dumped on the Internet, contained about 400,000 Yahoo and other company user names and passwords, including many associated with Google Gmail, Microsoft Hotmail, AOL, Comcast and MSN accounts (see list below). Yahoo, which was not immediately available to discuss the data breach, said in a statement that when it comes to the Yahoo accounts, "less than 5% of the Yahoo! Accounts had valid passwords."
According to security firm Rapid7, the stolen account data from the Yahoo breach breaks down as follows by service provider:
1. 137,559 yahoo.com
2. 106,873 gmail.com
3. 55,148 hotmail.com
4. 25,521 aol.com
5. 8,536 comcast.net
6. 6,395 msn.com
7. 5,193 sbcglobal.net
8. 4,313 live.com
9. 3,029 verizon.net
10. 2,847 bellsouth.net
Marcus Carey, security researcher at Rapid7, said he believes that service providers should be alerting any users whose account information was stolen through Yahoo, and that users should be careful not to reuse passwords.
Yahoo apologized for the data breach and added, "We are fixing the vulnerability that led to the disclosure of the data, changing the passwords of the affected Yahoo! Users whose accounts may have been compromised."
A group calling itself D33D Company took credit for the data breach, which it said was accomplished through a SQL injection attack on a Yahoo server. This latest data spill -- the Yahoo password data breach -- follows breaches at LinkedIn and eHarmony.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.