Passwords Posted as Yahoo is Hacked

More than 450,000 Yahoo user passwords were posted online after Yahoo was hacked.  The hackers claim that they intend the public posting of user logins and passwords to be “a wakeup call.”

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers said in a comment after the data. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”  The sensitive data was posted as plain text.  Yahoo has announced that it is looking into the matter.

Yahoo is not alone with this problem.  Recently, nearly 8 million passwords were compromised, as LinkedIn, eHarmony, and have all suffered high-profile password hacks.  What does this mean for you?

Although the breach was a direct result of bad security policies on the hacked Yahoo website, there is much we can learn from the hack.  First and foremost, if you have a Yahoo account, you should change your password quickly.  When choosing a password, is important to keep the following in mind:  Choose a password at least 8 characters long, and do not use whole words.  Be certain to mix in upper and lower case letters, as well as numbers and symbols.  Also, use different passwords for different sites.  If any one password gets stolen, it isn’t the key that opens the doors to all the sites you visit.

According to some research done by CNet analyzing the data from the Yahoo breach, many of us are just not careful enough creating passwords.  According to  Roger Cheng and Declan McCullagh of CNet:

• 2,295: The number of times a sequential list of numbers was used, with “123456” by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up.

• 160: The number of times “111111” is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative “000000” is used 71 times.

• 780: The number of times “password” was used as the password. Apparently, absolutely no thought went into security in these instances.

• 233: The number of times “password” was used in conjunction with a few numbers behind it. Apparently, the barest minimum of thoughts went into security here.

• 437: The number of times “welcome” is used. With a password like that, you’re just asking to be hacked.

• 333: The number of times “ninja” is used. Pirates, unfortunately, didn’t make the list.

• 137,559: The number of Yahoo credentials that were leaked.

• 106,873: The number of Gmail credentials that were leaked. Hotmail, which was the next most frequently cited e-mail service, had fewer than half the number of users hit.

• 161: The number of times “freedom” is used, suggesting a lot of patriotic users. “America” was used 68 times.

• 161: The number of times the f-word is used in some combination. There are a lot of angry people out there.

• 133: The number of times “baseball” appears as a password. It’s the most popular sport on the list, proving that it is indeed America’s national pastime. It just may not be the best password.

• 106: The number of times “superman” is used as a password. That’s nearly double the amount of times “batman” is used and triple the frequency of “spiderman.”

• 52: The number of times “starwars” is used. The force is not with this password.

• 32: The number of times “lakers” appears. It tied with “maverick,” although fortunately “the_heat” or “celtics” weren’t on this list.

• 56: The number of times “winner” is used.

• 27: The number of times “ncc1701” is used as a password. For those of you who aren’t trekkies, that’s the designation code for the Starship Enterprise. “startrek” is used 17 times, while “ncc1701a,” the designation for the Enterprise used in later Star Trek movies, is used 15 times.

At ScalIT, we are always concerned about our customers’ privacy and security.  Contact us today to find out how we can help your business be more efficient and secure.

Did Facebook Change your Email Address?

Recently, Facebook modified all user accounts to replace their profile email address with a new “Facebook” email address.  Unless you manually go into your Facebook preferences and change it back to your desired email address, email messages, alerts, and notices sent to you either through or by Facebook will no longer be delivered to you.  You need to either add your new Facebook address to your favorite email program, or you need to change it back to the email address you prefer.

To change the email address, you should click on the “About” link on the main Timeline page, then click on the “Edit” button next to the “Contact Info” box. Although you can change the email addresses that appear on your Timelines, the Facebook email address cannot be deleted, only hidden.

Facebook made this change in order to direct more communications through their servers.  This enables Facebook to better glean what interests you and how to market to you better.  All email that flows through these new accounts is indexed for just that purpose.

At ScalIT, we are always concerned about our customers’ privacy and security.  Your information always remains YOUR information.  Call today.