Now Yahoo suffers hack; security experts warn of complacency, give advice

The news that nearly half a million Formspring passwords had been stolen barely had time to enjoy Google's gentle news aggregating embrace before Yahoo whisked away the Q&A-centred social network's moment of infamy, reporting that it too was the victim of a sizeable security breach.

It emerged this morning that up to 450,000 user accounts and passwords thought to be related to Yahoo's voice-over-Internet-protocol service, Yahoo Voices, were nabbed by a hitherto unknown hacking group, the D33DS Company, and posted online in the customary fashion.

The hackers are believed to have used the popular SQL injection method to break into a subdomain of Yahoo's website to loot the sensitive information, with a range of email addresses including those from, and reported to among those compromised.

D33DS Company compiled the data into a huge document and linked to it via a web forum, describing its attack as "a wake-up call and not a threat." Both users and Yahoo itself appear to be equally responsible, with the passwords themselves seeming to have been stored unencrypted in a backend database.

Some Yahoo users, in turn, failed to have much imagination when it came to trying to protect their accounts, with a preliminary stat audit carried out by Swedish security firm Eset highlighting that a number of the leaked passwords were highly original words and phrases like "password", "welcome", "Jesus", and "abc123." Indeed, "123456" was the most popular entry into the wall of shame, with nearly 2000 users employing it to protect their accounts.

The Yahoo and Formspring breaches come on the back of the larger hacks suffered by major social sites like LinkedIn, eHarmony, and The composition of a complex alphanumerical combination continues to be something many Internet users struggle with, according to recent studies.

The latest leaks have again got the security firms popping their heads out of the wire cabinet to say, "I told you so!", with UK personal security experts Dashlane urging the web browsing public to take its online security more seriously and offering its '5 top tips' for protecting digital data in an exclusive press release directed at ITProPortal:

"1. Use strong passwords everywhere to prevent being hacked. If you don't know where to start, use a password manager like Dashlane, Lastpass, or Sticky Password to help generate strong passwords which will enhance your security

2. Make sure to create unique passwords and create lots of them - numerous different passwords boosts your online security, but do not store them in your browser. This might be convenient but if your device falls into the wrong hands you will compromise your privacy

3. Don't log in to important accounts when using free public Wi-Fi, as open networks can be targeted by hackers. However, if you must, at least use https. This prevents others from seeing your personal information on the web by encrypting the data

4. When receiving an email that asks you to log in to a website via an email URL, check that the link actually goes to the right website. By doing so you will be avoiding phishing scams, which aim to gain access to your personal accounts and bank or card details

5. Never store credit cards, addresses, and other key personal information like ID numbers on e-commerce and other websites. If you distrust a website, don't save your information on it".

For more insider knowledge, check out ITProPortal's in-house guide to secure password creation.

James is a freelance editor, journalist, and writer with 10+ years experience in digital media, SEO and news writing. He has produced content on a number of Future sites, including TechRadar, ITProPortal, Tom's Guide, and T3, and was Senior Staff Writer at ITProPortal.