Want CNET to notify you of price drops and the latest stories?

Swarm of Yahoo bugs raises security questions

For the third time in recent months, the company acknowledges software glitches that have compromised the integrity of people's accounts.

Paul Festa Staff Writer, CNET News.com
Paul Festa
covers browser development and Web standards.
Paul Festa
2 min read
A series of bugs is plunging Yahoo account holders into repeated identity crises.

For the third time in recent months, Yahoo has acknowledged software glitches that have compromised the integrity of people's accounts. In the current instance, "My Yahoo" account holders found themselves shut out of their accounts, in some cases finding that other people had signed up successfully with their usernames.

"Apparently someone else opened an account with the same username," one account holder wrote in an email to CNET News.com. "I no longer have access to anything...This is especially frustrating because among other things, I use Yahoo Wallet (which has my credit card information), Yahoo Address Book (my personal contact and phone numbers), Yahoo Briefcase (with files I don't want anyone else to see), Yahoo Photos (my vacation pictures)..."

A Yahoo representative said the problem did not expose any personal information, though it did shut people out of their accounts until they were reinstated.

"We had an isolated bug in our registration process where existing user accounts were overwritten," said Scott Gatz, senior producer for registration at Yahoo. "No personal information was shared. The new user wouldn't have access to that old account."

Yahoo can restore the original accounts to people without loss of data, Gatz said. Once the original account is restored, another person who may have claimed the overwritten Yahoo ID is invited to open an account with a different name.

The registration glitch comes after a potentially serious privacy mishap in which users of Yahoo's calendar reminders received notifications of other people's events. Before that, a confusing bug sent hundreds of people into only a handful of accounts.

Other recent Yahoo gaffes include the introduction of a bug, following network attacks against Yahoo and other large Web sites, that stripped email of important content.

Gatz said that only a "pretty small number" of people were affected by the latest problem during the past few weeks, and that despite the recent rash of errors, people should not be concerned about Yahoo's security and privacy provisions.

"These incidents are not at all related," Gatz said. "There is not an inherent problem happening. In these isolated cases, it's something we worked really quickly to fix and made sure that it's not going to happen again. Users' data and privacy are safe with us, and we work really hard to keep it that way."