Company blames hack on contributor network, says compromised information was provided by writers who joined Associated Content prior to May 2010.
This doesn't rate up there with "Resumegate," but when it comes to Yahoo, the fun never ends. The company finally gave the all clear this morning in the aftermath of a massive password leak that exposed more than 450,000 Yahoo log-in credentials.
The company says it has since deployed "additional security measures" and "enhanced our underlying security controls" as it goes about notifying affected users.
From Yahoo's latest missive:
Yahoo recently confirmed that an older file containing approximately 450,000 e-mail addresses and passwords was compromised. The compromised information was provided by writers who had joined Associated Content prior to May 2010, when it was acquired by Yahoo. (Associated Content is now the Yahoo Contributor Network.) This compromised file was a standalone file that was not used to grant access to Yahoo systems and services.
We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo users, enhanced our underlying security controls, and are in the process of notifying affected users. In addition, we will continue to take significant measures to protect our users and their data.
If you joined Associated Content prior to May 2010 using your Yahoo e-mail address, please log in to your Yahoo account, where you may be prompted to answer a series of authentication questions to change and validate your credentials.
The Yahoo Contributor Network was formerly a content-farm Web site called Associated Content. Yahoo acquired that business a couple of years ago. The hackers responsible for the breach said they intended this as a wake-up call to the parties responsible for the security of the hacked site.