Passwords Posted as Yahoo is Hacked

More than 450,000 Yahoo user passwords were posted online after Yahoo was hacked.  The hackers claim that they intend the public posting of user logins and passwords to be “a wakeup call.”

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers said in a comment after the data. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”  The sensitive data was posted as plain text.  Yahoo has announced that it is looking into the matter.

Yahoo is not alone with this problem.  Recently, nearly 8 million passwords were compromised, as LinkedIn, eHarmony, and have all suffered high-profile password hacks.  What does this mean for you?

Although the breach was a direct result of bad security policies on the hacked Yahoo website, there is much we can learn from the hack.  First and foremost, if you have a Yahoo account, you should change your password quickly.  When choosing a password, is important to keep the following in mind:  Choose a password at least 8 characters long, and do not use whole words.  Be certain to mix in upper and lower case letters, as well as numbers and symbols.  Also, use different passwords for different sites.  If any one password gets stolen, it isn’t the key that opens the doors to all the sites you visit.

According to some research done by CNet analyzing the data from the Yahoo breach, many of us are just not careful enough creating passwords.  According to  Roger Cheng and Declan McCullagh of CNet:

• 2,295: The number of times a sequential list of numbers was used, with “123456” by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up.

• 160: The number of times “111111” is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative “000000” is used 71 times.

• 780: The number of times “password” was used as the password. Apparently, absolutely no thought went into security in these instances.

• 233: The number of times “password” was used in conjunction with a few numbers behind it. Apparently, the barest minimum of thoughts went into security here.

• 437: The number of times “welcome” is used. With a password like that, you’re just asking to be hacked.

• 333: The number of times “ninja” is used. Pirates, unfortunately, didn’t make the list.

• 137,559: The number of Yahoo credentials that were leaked.

• 106,873: The number of Gmail credentials that were leaked. Hotmail, which was the next most frequently cited e-mail service, had fewer than half the number of users hit.

• 161: The number of times “freedom” is used, suggesting a lot of patriotic users. “America” was used 68 times.

• 161: The number of times the f-word is used in some combination. There are a lot of angry people out there.

• 133: The number of times “baseball” appears as a password. It’s the most popular sport on the list, proving that it is indeed America’s national pastime. It just may not be the best password.

• 106: The number of times “superman” is used as a password. That’s nearly double the amount of times “batman” is used and triple the frequency of “spiderman.”

• 52: The number of times “starwars” is used. The force is not with this password.

• 32: The number of times “lakers” appears. It tied with “maverick,” although fortunately “the_heat” or “celtics” weren’t on this list.

• 56: The number of times “winner” is used.

• 27: The number of times “ncc1701” is used as a password. For those of you who aren’t trekkies, that’s the designation code for the Starship Enterprise. “startrek” is used 17 times, while “ncc1701a,” the designation for the Enterprise used in later Star Trek movies, is used 15 times.

At ScalIT, we are always concerned about our customers’ privacy and security.  Contact us today to find out how we can help your business be more efficient and secure.

Leave a Reply