What's new
By:
Guest viewing is limited

450,000+ Yahoo passwords leaked

Brandon

Brandon

Legend Of The Universe
PF Member
Messages
10,914
Highlights
0
Reaction score
1,628
Points
918
Location
Topeka, Kansas
Peak Coin
0.000000¢
DB Transfer
0.000000¢
Yahoo has just become the latest big online service to suffer a major password breach. While the number of affected users is far smaller than in the last big exposure -- that would be the password hack at LinkedIn last month, which exposed 6.5 million user passwords -- the attack is a big black eye for Yahoo and a potential hazard to the 450,000 or so people whose log-in information is now flapping in the breeze.
So here is CNET's quick guide to the Yahoo password fumble and what you need to do.
 
Thanks for the heads up, I just notified a few clients that use their yahoo email with paypal to change their passwords (Just in case). As it would be to easy for the hacker to click the "Forgot Password" link for all the emails at paypal to get access to the ones with balances. Such a nightmare :/ ...

Eric Lyon
 
That really sucks, I saw this on twitter earlier on my Phone, and golly, there's been so many security problems as of late.
 
Eric Lyon said:
Thanks for the heads up, I just notified a few clients that use their yahoo email with paypal to change their passwords (Just in case). As it would be to easy for the hacker to click the "Forgot Password" link for all the emails at paypal to get access to the ones with balances. Such a nightmare :/ ...

Eric Lyon
Click to expand...

I think you're right to be cautious and warn your clients, but I do believe that when recovering a Paypal password you're prompted for some info the hackers should not have access to (last 4 digits of debit card, bank account number). I might be wrong as it's a long time since I've had to recover a password there.

Edit - Just tried the recovery process on my personal account and you get a choice of secret questions, bank ac or debit/credit card details. I guess the hackers could have access to secret questions.
 
I was affected by this. My main email address from my ISP is on the list. Bad me for not changing my password regularly although I never thought it could be hacked because I use a good secure password from a password generator.

Anyway by having that email as well as my Yahoo email which I don't use anymore and have more or less forgotten about until this happened someone was able to gain access to my secondary gmail address' and change the passwords on them. I was able to quickly see this had happened and recovered all my accounts.

Luckily for me my business email isn't tied to any of these so they weren't able to reset it.

Here is what was done in case any one else gets hit with this.

The hacker logged into my ISP account. They used it to query gmail for accounts that used that email as a secondary email. Then they sent a password reset request from gmail for each account found. They then proceeded to do the same thing for each hacked gmail account. That gave them access to a couple more that I created to login to certain sites and where really throw a ways that I don't use any more.

I caught this happening when I went to login to my ISP email. I changed that password and when I was able to login I saw the password reset request emails for my gmail accounts. I reset all of them and then set up 2 step authentication which I should have done when it first became available. The hacker had access to those accounts for about 2 hours.

I was lucky in this because my main account that I use for all eCommerce was not tied to any of the hacked accounts.
 
You must log in or register to reply here.
Back
Top