Yahoo's security black eye

Week in review: Hack reveals users' credentials in plain text, while RIM investors look for more financial security. Also: Amazon gets its game on.

Steven Musil Night Editor / News

Yahoo fell victim to a security breach that yielded hundreds of thousands of login credentials stored in plain text, but it appears users also did little to protect themselves.

The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer's network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, intended the data dump to be a "wake-up call." [Update, 11:13 a.m. PT: On Friday morning, Yahoo gave the all-clear, saying "We ... have now fixed this vulnerability, deployed additional security measures," and so on.]

If there's one thing to learn from the security breach, it's that we need to be more creative with our passwords. The hackers said they hoped this would be taken as a warning to the parties responsible for the security of the hacked site, but individuals should also see this as a warning to strengthen their own personal passwords. What was the most popular password on the Yahoo list? The classic 123456, of which there were 2,295 instances.
•  Yahoo password breach shows we're all really lazy
•  Yahoo's password leak: What you need to know (FAQ)

More headlines

RIM faces angry investors, searches for new board

BlackBerry maker is confronted by disgruntled shareholders, as it votes to keep its current board of directors while confirming its search for more-qualified people to serve.
•  RIM's secret weapon? 80M 'very loyal' customers
•  RIM CEO Heins: 'I'm not happy with the situation at RIM'
•  How RIM's new marketing chief sees its developer prospects

New iOS hack yields in-app freebies

A new exploit gives users free access to digital content within iOS apps, content that normally costs money.

Apple gives developers fully baked Mountain Lion

Apple's next big OS X update has hit golden master status, a sign the software is just about ready for a public release.
•  Older 64-bit Macs out of the picture for Mountain Lion

Embrace your inner nerd at Comic-Con Preview Night (pictures)

Amazon targets Apple's Game Center with GameCircle

The retail giant's new product offers tracking for achievements and leader boards, and saves in-game progress to the cloud.

Malware went undiscovered for weeks on Google Play

Breaking the malware into separate, staged payloads allowed the Trojan's authors to avoid detection by Google's automated screening process.
•  Apple pulls controversial Chinese game from App Store

City of San Francisco to stop buying Apple computers

City officials tell the Wall Street Journal that city money can't be used to buy Apple desktops and laptops. The change comes after Apple withdrew its products from a green-certification registry.
•  Apple explains why it yanked devices from enviro registry

Google releases Android 4.1 source code

New version of the mobile operating system, aka Jelly Bean, was released along with proprietary binaries for Nexus 7 and Galaxy Nexus.
•  Nexus devices get Android 4.1 Jelly Bean update
•  Android 4.1 Jelly Bean ported to Kindle Fire

Kim DotCom extradition hearing postponed until 2013

Hearing delayed while New Zealand courts sort out questions about the legality of evidence seized with search warrants later declared invalid.
•  Kim DotCom offers a travel deal to U.S. Justice Department

Russia's parliament approves Internet blacklist law

Russia is the latest country to enact Web censorship-style laws. Sites deemed "illegal" under Russian law now face near-immediate blacklisting.
•  Wikipedia blackout in Russia to protest censorship

Netflix's lost year: The inside story of the price-hike train wreck

One year ago tomorrow, CEO Reed Hastings took the first of a series of missteps that angered customers and nearly derailed his company. Current and former employees disclose what went wrong.

Also of note
•  Teens love texting and social networks but ignore e-mail
•  Techies offended by Silicon Valley reality show
•  Google's Larry Page back at work, recovering from illness