Alarming news today for Yahoo account holders -- hackers have busted into a Yahoo database, stolen more than 450,000 emails and passwords, and posted them all on the internet. The list of compromised emails and passwords has since been taken down, but the genie is out of the bottle and the information has already been made public. Fortunately, there are simple and instant methods to check whether your email was hacked.
Even if you no longer have a Yahoo email account, you still may have been hacked. The photo-sharing service Flickr still uses Yahoo log-in credentials, and thousands of the exposed emails were Gmail, Comcast, AOL, and Hotmail emails and passwords.
The hackers are a group calling themselves the D33Ds Company, and they claim to be ethical hackers who are just trying to expose significant security flaws. Boy, did they succeed this time! The list has been taken down from their site, but the hackers' site has posted a message reading, "Due to the high traffic on our server, the file has been moved (mirrored+compressed) and will be shortly available to the public."
While roughly 453,000 emails and passwords were exposed, most of the emails were not actual Yahoo email addresses. "It's way bigger than Yahoo," Rapid7 security researcher Marcus Carey told Reuters. "We can assume that tens of thousands of people on services outside of Yahoo could be compromised." The New York Times notes, for instance, that 106,000 of the compromised emails and passwords were Gmail accounts.
Yahoo deserves the primary share of blame, though. It was their database that was hacked, and the emails and passwords were kept completely unencrypted in their compromised database.
If you're freaking out over whether your email was among those hacked, you should be. There are, however, easy ways to check whether your email account was exposed. The anti-malware security site Sucuri Labs has a simple Yahoo leak check tool wherein you enter your email and the tool tells you whether your email was among those compromised. If you're spooked enough that you'd rather not submit your email to a third-party site, you are free to scroll through a complete list of the exposed emails at Dazzlepod. Their corresponding passwords, fortunately, are not posted.
The specific Yahoo property hacked was not Yahoo email, but the Yahoo Contributor Network (formerly Associated Content). If you ever wrote for or submitted pictures to them, the email you used is almost certainly among those compromised.
Latinos Post reports that the most common password on the leaked list was "123456", and the second most common password was "password". People, it is time to start getting a little bit more creative with those passwords.