Thursday, July 12, 2012

Yahoo password breach shows we're all really lazy
The Yahoo Contributor Network didn't require strong passwords or hash them. So hackers, and the rest of the world, were able to see how basic many of them were.


I'm going to say it. Lame! That's what this Yahoo password leak is. Really, Yahoo? Shame!


A group of hackers say they used a common attack, known as SQL injection, to grab 450,000 passwords from a Yahoo database, and they released them to the Web last night. The passwords were stored in plain text and not obscured using a hashing technique, which is standard practice for companies that handle sensitive user data.


I've asked Yahoo to comment on why the company didn't hash the passwords, but so far it's only released a statement confirming that an older file from the Yahoo Contributor Network was broken into and that less than 5 percent of the Yahoo accounts on there had valid passwords. "At Yahoo we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products," the statement says, without irony.


If the people at Yahoo really take security seriously, they should have protected against an SQL injection attack in the first place and hashed the passwords. At least LinkedIn had the... [Read more]
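As an added example that is not part of the original post and makes no claim about how Yahoo's system was actually built, here is the combination the post asks for, in Python: a user table that is only ever queried with parameterised statements, and passwords stored as per-user salted PBKDF2 digests rather than plain text. The in-memory SQLite schema, the column names and the sample accounts are constructed for this example.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional, Tuple

# Constructed example (not Yahoo's schema). Iteration count is a work factor
# chosen to make offline guessing of a leaked digest expensive.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user means two users with
    the same password get different stored values, so a leak of the table does
    not reveal shared passwords at a glance the way plain text does."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def open_store() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB NOT NULL, digest BLOB NOT NULL)")
    return conn


def add_user(conn: sqlite3.Connection, email: str, password: str) -> None:
    salt, digest = hash_password(password)
    # Parameterised query: the driver binds the values, so user input is data,
    # never spliced into the SQL text. This is the standard SQL injection defence.
    conn.execute("INSERT INTO users (email, salt, digest) VALUES (?, ?, ?)", (email, salt, digest))


def verify_login(conn: sqlite3.Connection, email: str, password: str) -> bool:
    row = conn.execute("SELECT salt, digest FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    _, candidate = hash_password(password, salt)
    # Constant-time comparison avoids leaking how many digest bytes matched.
    return hmac.compare_digest(stored, candidate)


def stored_digest(conn: sqlite3.Connection, email: str) -> Optional[bytes]:
    """What an attacker who dumps the table would see for this account."""
    row = conn.execute("SELECT digest FROM users WHERE email = ?", (email,)).fetchone()
    return row[0] if row else None
```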
