Security experts have been scathing in their criticism of Yahoo, in large part because the passwords were stored in plain text, making the hackers' job of exploiting the stolen accounts a breeze.
Yesterday, Mark Bower, a data protection expert and executive at Voltage Security, said, "It's utter negligence to store passwords in the clear."
Also on Thursday, Rob Rachwald, director of security strategy at Imperva, took Yahoo to the woodshed. "To add insult to injury, the passwords were stored in clear text and not hashed (encoded)," Rachwald wrote in a blog post. "One would think the recent LinkedIn breach would have encouraged change, but no. Rather, this episode will only inspire hackers worldwide."
The LinkedIn breach Rachwald referenced came to light last month, and involved approximately 6.5 million encrypted passwords belonging to members of the networking service.
In its Friday blog, Yahoo again apologized to users affected by the password theft.