Yahoo confirmed on Thursday that about 400,000 passwords were in fact stolen.
"We
confirm that an older file from Yahoo! Contributor Network (previously
Associated Content) containing approximately 400,000 Yahoo! and other
company users names and passwords was stolen yesterday, July 11," the
company said in a statement to CNBC.
Of the stolen passwords, however, less than five percent of the Yahoo accounts had valid passwords, the company said in the statement.
The
company is fixing the vulnerability and changing passwords of affected
Yahoo users. It is also notifying companies whose accounts may of been
compromised, according to the statement.
The
security firm Rapid7 said a data file published on the Web contained
logins and cleartext passwords for Yahoo as well as several other
Internet services, including Google Inc's Gmail and AOL as well as
Microsoft Corp's Hotmail, MSN and Live sites.
"It's
way bigger than Yahoo," said Rapid7 researcher Marcus Carey. "We can
assume that tens of thousands of people on services outside of Yahoo
could be compromised."
Chairman
Alfred Amoroso acknowledged that Yahoo had experienced a "tumultuous"
year at its annual shareholder meeting on Thursday morning. Interim CEO
Ross Levinsohn told attendees he was optimistic about the company's
progress.
Yahoo
spokeswoman Dana Lengkeek did not respond to a request asking her to
identify the companies whose credentials were stolen. Officials with
Google, AOL and Microsoft could not immediately be reached for comment.
Lengkeek
said "an older file" had been stolen from Yahoo Contributor Network, an
Internet publishing service that Yahoo purchased about two years ago.
It helps writers, photographers and videographers to sell their work
over the Web.
The
theft follows a breach reported last month by the business networking
service LinkedIn, which resulted in the release of some 6.4 million
member passwords.
No comments:
Post a Comment