Security Bytes

Jul 13 2012   10:56PM GMT

Yahoo fixes flaw that led to password breach



Posted by: Marcia Savage
Tags:
Security

Well it could have been worse. Yahoo on Friday said it has fixed the vulnerability that allowed hackers to expose approximately 450,000 email addresses and passwords belonging to the Yahoo Contributor Network. That’s a huge number but still small potatoes compared to the half billion visitors Yahoo claims each month.

The online giant said in a blog post Friday that the compromised data was an older file containing email addresses and passwords provided by writers who joined Associated Content prior to May 2010, when Yahoo acquired it and renamed it the Yahoo Contributor Network. “This compromised file was a standalone file that was not used to grant access to Yahoo systems and services,” Yahoo said.

In addition to fixing the vulnerability that led to the breach, the company said it deployed additional security measures for affected Yahoo users, boosted its underlying security controls and is notifying affected users. “In addition, we will continue to take significant measures to protect our users and their data,” Yahoo said.

Yahoo’s blog post touted its response to the breach as “swift” but the company had already taken a lot of punches since the reports of the breach were published Thursday. Some security pros berated Yahoo for lack of security while others expressed mock surprise that the struggling company still had so many members. For sure, the breach – the latest in a series of password breaches – is yet another reminder of the need for users to be more careful about the passwords they create and for companies to take proper steps to secure those passwords.

 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: