 chrisretusnRetiredPremium
join:2007-08-13
Philippines
kudos:1 | reply to jabarnut
Re: Nearly Half a Million Yahoo Passwords Leaked Agree. "Just provide your email and we will let you know if it was part of the leak.", yeh OK. 
The dazzlepod.com/yahoo/ link would be a better choice, just don't give the whole thing, any part will do. You may have to click through several pages, but it better than clicking through all of them. Of course who is to say that is the real list?
Best course of action. Change your password(s).
--
Chris
Living in Paradise!! |
|
 shearerNorthern LightsPremium
join:2002-06-18
Asia | reply to Frank32
said by Frank32:Does this affect people who only have a free Yahoo email account and have never used Voices?
I'd love to know this too. |
|
 jabarnutLight Years AwayPremium,MVM
join:2005-01-22
Galaxy M31
kudos:2 | The .tar gz file Snowy  posted earlier looks pretty good (Of course, who really knows for sure), but I downloaded that and used the "find" function to look around for my addresses. Nowhere to be found...at least not on that list.
(Edit) Oops...meant to reply to chrisretusn ...I'm still not fully awake.  |
|
chrisretusnRetiredPremium
join:2007-08-13
Philippines
kudos:1
2 edits | That's OK, I read it. 
Some how I missed that, must be asleep too.
I good too, but am changing passwords anyway. |
|
 NormanSPremium,MVM
join:2001-02-14
San Jose, CA
kudos:9
 ·SONIC.NET
·Pacific Bell - SBC
| reply to shearer
said by shearer:said by Frank32:Does this affect people who only have a free Yahoo email account and have never used Voices?
I'd love to know this too. As explained by the poster in the link I provided (to the Scam and Phishbusters forum), it was a backend database that was compromised. It wouldn't matter that you had never used "Voices".
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
|
|
 NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro
 ·Comcast Business..
 ·Vonage
 ·Cingular Wireless
·Comcast
| reply to shearer
said by shearer:said by Frank32:Does this affect people who only have a free Yahoo email account and have never used Voices?
I'd love to know this too. The list that was published looks to me like it may be a list of email addresses used as usernames for that particular service and the passwords for that service. Those passwords may or may not be the actual passwords for the listed email accounts...that would depend on whether the user used the actual email password for the Yahoo service. I know that I use a number of web services that want an email address as the username, but I certainly don't use that email address's password as the password for the unrelated web service.
Also, I noticed some @worldnet.att.net email addresses in the list, and that might add some credibility to Yahoo's claim that this was an "old list" because I think that AT&T/Yahoo terminated all worldnet.att.net accounts (and the associated email addresses) several years ago
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower |
|
| reply to antdude
Hats Off in respect to :
NormanS
Netfixer
For exceptional contribution to this topic.
__________________
|
|
NormanSPremium,MVM
join:2001-02-14
San Jose, CA
kudos:9 Reviews:
·SONIC.NET
·Pacific Bell - SBC
| reply to NetFixer
said by NetFixer:The list that was published looks to me like it may be a list of email addresses used as usernames for that particular service and the passwords for that service. Those passwords may or may not be the actual passwords for the listed email accounts...
If you register a Yahoo! Voices account as a new user, they don't ask you for an existing email address, they will set you up with a new 'yahoo.com', 'ymail.com', or 'rocketmail.com' email address.
If you sign in at 'mail.yahoo.com' with an existing Yahoo! Mail email address, then go to 'voices.yahoo.com' in another tab, or window, of the browser where you are signed in to email, you will be welcomed as if you were signed in to "Voices":
Showing linkage of service.
Coupled with complaints that users Yahoo! Messenger contact lists were compromised, my take on this is that DC DSL is right, and some backend login server database was compromised.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| said by NormanS:said by NetFixer:The list that was published looks to me like it may be a list of email addresses used as usernames for that particular service and the passwords for that service. Those passwords may or may not be the actual passwords for the listed email accounts...
If you register a Yahoo! Voices account as a new user, they don't ask you for an existing email address, they will set you up with a new 'yahoo.com', 'ymail.com', or 'rocketmail.com' email address. If you sign in at 'mail.yahoo.com' with an existing Yahoo! Mail email address, then go to 'voices.yahoo.com' in another tab, or window, of the browser where you are signed in to email, you will be welcomed as if you were signed in to "Voices": [ATT=1] Coupled with complaints that users Yahoo! Messenger contact lists were compromised, my take on this is that DC DSL is right, and some backend login server database was compromised. Thanks for the information on how logging into Yahoo Voices works (on the rare occasions that I actually access »mail.yahoo.com/ I use the old "Classic" view, and I don't see any of the new whiz bang extra stuff). That would definitely tend to say that the hacked database was not necessarily related to only Yahoo Voices since to my knowledge Yahoo has never handled email for MSN/Hotmail/Live, Gmail, Comcast, leetgamers.org, or mastpaintball.com (all of which, and more, are in the list).
It would be nice if Yahoo actually admitted what service(s) that database was used for, but I think that is rather unlikely.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower |
|
 siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17
·Bell Sympatico
| reply to antdude
Yahoo security breach shocks experts
quote:
A Yahoo security breach that exposed 450,000 usernames and passwords from a site on the huge web portal indicates that the company failed to take even basic precautions to protect the data.
Security experts were befuddled Thursday as to why a company as large as Yahoo would fail to cryptographically store the passwords in its database. Instead, they were left in plain text, which means a hacker could easily read them.
"It is definitely poor security," Marcus Carey, a security researcher at Rapid7, said. "It's not even security 101. It's basic application development 101."
Article |
|
NormanSPremium,MVM
join:2001-02-14
San Jose, CA
kudos:9 Reviews:
·SONIC.NET
·Pacific Bell - SBC
| reply to NetFixer
said by NetFixer:It would be nice if Yahoo actually admitted what service(s) that database was used for, but I think that is rather unlikely.
My guess is "all of them". Even reverting an account to "Mail Classic" doesn't change things.
Well, except for "Flickr".
Log in at, 'mail.yahoo.com', and you are in.
Open a new browser window and type, 'groups.yahoo.com', and you are in.
Open another new browser window and type, 'voices.yahoo.com', and you are in.
Open yet another new browser window and type, 'messenger.yahoo.com', and you are in.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| reply to siljaline
Thanks for that link siljaline, knowing that the database was associated with contributor.yahoo.com explains all of the non-Yahoo managed email addresses.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower |
|
NetFixerFrom my cold dead handsPremium
join:2004-06-24
The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| reply to NormanS
said by NormanS:said by NetFixer:It would be nice if Yahoo actually admitted what service(s) that database was used for, but I think that is rather unlikely.
My guess is "all of them". Even reverting an account to "Mail Classic" doesn't change things. Well, except for "Flickr". Log in at, 'mail.yahoo.com', and you are in. Open a new browser window and type, 'groups.yahoo.com', and you are in. Open another new browser window and type, 'voices.yahoo.com', and you are in. Open yet another new browser window and type, 'messenger.yahoo.com', and you are in. I didn't "revert", all I need at mail.yahoo.com is access to the spam folder to make sure there are no important false positives, and occasionally I will actually check the inbox if I am away from home and using a borrowed PC. All the other Yahoo stuff is of no interest to me.
Also, before you can use those urls to other Yahoo services, you have to know those urls, and the Yahoo Classic interface does not have links to those other sites (which is why I was not aware of voices.yahoo.com).
Also, that would not explain all of the non-Yahoo managed email addresses in the compromised database. However, siljaline has found a link that contains Yahoo's admission that the database was from contributor.yahoo.com, a site that allows users to login using non-Yahoo email addresses.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower |
|
siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 | reply to NetFixer
You're welcome, NetFixer |
|
| reply to antdude
Yahoo! fixes! password! leak! vulnerability!:
"We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo! users, enhanced our underlying security controls and are in the process of notifying affected users," Yahoo! said in a statement. "In addition, we will continue to take significant measures to protect our users and their data."
The company said the information that was published by members of the hacking group D33Ds Company stemmed from users who had signed up with the Associated Content site before Yahoo! bought it 2010.
If these users try and log into their Yahoo! accounts now they will be asked a series of authentication questions before having to change their data, and Yahoo! is also suggesting other users get into the habit of changing their passwords regularly. |
|
siljalineI'm lovin' that double widePremium
join:2002-10-12
Montreal, QC
kudos:17 Reviews:
·Bell Sympatico
| reply to antdude
Yahoo! closes security hole that led to huge password breach quote:
Yahoo! has patched the security hole that allowed hackers to access some 450,000 email addresses and passwords associated with Yahoo! Contributor Network and ultimately publish them last week.
"The compromised information was provided by writers who had joined Associated Content prior to May 2010, when it was acquired by Yahoo!," the company said in a statement, and added that the file in question was a standalone file that was not used to grant access to Yahoo! systems and services.
|
|
