Users of Yahoo! are encouraged to change their passwords to after hackers posted online what they say is login information for more than 450,000 Yahoo! users.
The hacking, which conducted anonymously, was meant to be a warning, according to the Web page where the documents were dumped.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” a note on the page said, according to a report by CNN.com. “There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.”
The statement added that the “subdomain and vulnerable parameters” that were used to hack the site were not posted “to avoid further damage.”
The Web page where the data was dumped was offline for much of Thursday morning.
Yahoo confirmed Thursday the hacking of Yahoo Voices, part of its news service, saying “approximately 400,000” usernames and passwords were stolen. But in a written statement, the company said that less than 5 percent of the breached Yahoo accounts had valid passwords.
“At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products,” the statement said. “We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised.”
Yahoo apologized in the statement and urged users to change their passwords on a regular basis.
As it has after previous hacks, tech blog CNET broke down the list to find the most frequently used passwords. Many of them were embarrassingly easy to crack. Sequential lists of numbers, like “12345,” were used 2,295 times, and “password” was used 780 times, out of the 450,000 passwords.
