Now Yahoo has fallen foul of a password breach. Supposedly passwords were being stored in the clear, which if true is a serious failing on the part of Yahoo.
Whether this also impacts users of BY Yahoo is not currently known but may be unlikely, but if it does has the potential to impact a lot of UK users of BT Internet.
Yahoo has confirmed a breach of its network, saying that not only Yahoo user names and passwords were stolen yesterday but also "other company users names and passwords." Yahoo said the data stolen is related to "an older file from Yahoo! Contributor Network (previously Associated Content)," the Web farm and multimedia content company it acquired two years ago for $100 million.
That Yahoo file of unspecified vintage contained about 400,000 Yahoo and other company users names and passwords that was dumped on the Internet included many associated with Google Gmail, Microsoft Hotmail, and AOL, Comcast and MSN accounts (see list below). Yahoo, which was not immediately available to discuss the data breach, said in a statement that when it comes to the Yahoo accounts, "less than 5% of the Yahoo! Accounts had valid passwords."
According to security firm Rapid7, the breakdown of the stolen account data from the Yahoo breach breaks down as follows in terms of various service provider accounts:
1. 137,559 yahoo.com 2. 106,873 gmail.com 3. 55,148 hotmail.com 4. 25,521 aol.com 5. 8,536 comcast.net 6. 6,395 msn.com 7. 5,193 sbcglobal.net 8. 4,313 live.com 9. 3,029 verizon.net 10. 2,847 bellsouth.net
Security experts are warning that the breach could also affect Yahoo Mail. Security firm Eset said that "Since all the accounts are in plain-text, anyone with an account present in the leak which also has the same password on other sites (e-mail, Facebook, Twitter, etc), should assume that someone has accessed their account."