password

Yahoo's security black eye

Yahoo fell victim to a security breach that yielded hundreds of thousands of login credentials stored in plain text, but it appears users also did little to protect themselves.

The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer's network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, intended the data dump to be a "wake-up call." [Update, 11:13 a.m. PT: On Friday morning, Yahoo gave the all-clear, saying "We ... … Read more

Hackers strike again, hit Nvidia's developer zone

Nvidia is the latest company to get hit by hackers: The chipmaker was forced to take down its developer support Web site yesterday because user passwords may have been compromised.

In the place of Nvidia's Developer Zone Web site and forum is a note saying that the company has suspended operations due to attacks on the site by third parties. It warned that hackers may have gotten hold of hashed passwords from the site. The company recommended that people who frequent the Web site should change their passwords, particularly ones they also use on other sites.

Word of the … Read more

Yahoo hack reveals most-used passwords

This Thursday, it's time to train your brain to win the gold in multitasking:

Seems to be the season for security breaches. This time, it deals with a subsection of Yahoo, called Yahoo Voices. Hackers posted more than 450,000 login names and passwords of Voices users, and it was said to be done as a wake-up call to Yahoo and others to step up security. The Voices section of Yahoo was slacking in security and did not hash passwords or require complicated strings.

CNET's Declan McCullagh wrote a program to comb through the most frequently used passwords … Read more

Yahoo's password leak: What you need to know (FAQ)

Updated July 13 at 12:17 p.m. PT

Yahoo has just become the latest big online service to suffer a major password breach. While the number of affected users is far smaller than in the last big exposure -- that would be the password hack at LinkedIn last month, which exposed 6.5 million user passwords -- the attack is a big black eye for Yahoo and a potential hazard to the 450,000 or so people whose log-in information is now flapping in the breeze.

So here's CNET's quick guide to the Yahoo password fumble and … Read more

Yahoo password breach shows we're all really lazy

I'm going to say it. Lame! That's what this Yahoo password leak is. Really, Yahoo? Shame!

A group of hackers say they used a common attack, known as SQL injection, to grab 450,000 passwords from a Yahoo database, and they released them to the Web last night. The passwords were stored in plain text and not obscured using a hashing technique, which is standard practice for companies that handle sensitive user data.

I've asked Yahoo to comment on why the company didn't hash the passwords, but so far it's only released a statement confirming … Read more

Android forum site hacked; data swiped on 1 million users

Phandroid is urging members of its Android forums to change their passwords immediately after discovering that the server hosting the forum site was hacked this week, ZDNet reported today.

The data includes the user names, e-mail addresses, hashed passwords, and registration IP addresses of the forums' more than 1 million users. To change your password, go to UserCP, or use the "forgot your password?" page. As always, if you use the same e-mail address and password combination on other accounts, change those too.

A community manager for the site posted the news earlier this week, informing members that … Read more

Top domains and passwords compromised by Yahoo breach

The breach of one of Yahoo's sites reignited concerns over the vulnerability of the favorite Web sites that we visit.

But in reality, roughly 450,000 login credentials were compromised -- a small number relative to the total users on the Internet. Yahoo said less than 5 percent of the accounts had valid passwords.

The following is a list of the top 20 e-mail domains and frequently used passwords that were hit, as compiled by CNET's Declan McCullagh:

Domains 1. Yahoo.com (137,559) 2. Gmail.com (106,873) 3. Hotmail.com (55,148) 4. Aol.com (25,… Read more

Yahoo breach: Swiped passwords by the numbers

If there's one thing to learn from the recent security breach at Yahoo, it's that we need to be more creative with our passwords.

Hackers yesterday exposed more than 450,000 login credentials, which appeared to be gleaned from Yahoo. The hackers said they hoped this would be taken as a wake-up call to the parties responsible for the security of the hacked site, but individuals should also see this as a warning to strengthen their own personal passwords.

CNET's Declan McCullagh wrote a program to analyze the most frequently used passwords and e-mail domains that surfaced … Read more

Formspring disables user passwords in security breach

Formspring has suffered a security intrusion in which some of its user passwords may have been breached, the question-and-answer site warned today.

Formspring, which said it only learned of the network intrusion this morning, responded by disabling all users' passwords.

"We apologize for the inconvenience but prefer to play it safe and have asked all members to reset their passwords," Formspring founder and CEO Ade Olonoh said in a company blog post. "Users will be prompted to change their passwords when they log back into Formspring. "

A Formspring spokesperson told CNET that the company was tipped … Read more