Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Yahoo fixes password-pilfering bug, explains who's at risk

Gregg Keizer | July 16, 2012
Yahoo today said it has fixed the flaw that allowed hackers to steal more than 450,000 passwords from one of its many services.

Security experts have been scathing in their criticism of Yahoo, in large part because the passwords were stored in plain-text, making the hackers' job of exploiting the stolen accounts a breeze.

Yesterday, Mark Bower, a data protection expert and executive at Voltage Security, said, "It's utter negligence to store passwords in the clear."

Also on Thursday, Rob Rachwald, director of security strategy at Imperva, took Yahoo to the woodshed. "To add insult to injury, the passwords were stored in clear text and not hashed (encoded)," Rachwald wrote in a blog post. "One would think the recent LinkedIn breach would have encouraged change, but no. Rather, this episode will only inspire hackers worldwide."

The LinkedIn breach Rachwald referenced came to light last month, and involved approximately 6.5 million encrypted passwords belonging to members of the networking service.

In its Friday blog, Yahoo again apologized to users affected by the password theft.

 

Previous Page  1  2 

Sign up for Computerworld eNewsletters.