A security lapse on Yahoo's part led to the theft and public posting of more than 450,000 username and password pairs. A hacker group calling itself D33Ds Co. claims it did this to expose the weakness of Yahoo's security measures rather than to cause anyone malicious harm. The group used SQL injection, a technique that manipulates the database queries of a poorly secured site so that the database discloses information it should not.
Instead of protecting the passwords with cryptographic hashing, Yahoo stored these credentials in plain text on its systems, which is what made a disclosure of this scale possible. The files, originally posted on a public website, have since spread around the world via BitTorrent and other file-sharing sites. Yahoo is now being widely criticized for such careless security practices. It was also reported that fewer than 5 percent of the Yahoo accounts had valid passwords. According to the anti-virus maker ESET, the most common passwords in the set were “123456”, “password”, “iloveyou” and “ninja”. That is negligence on the part of millions of Internet users as well. Since we are aware of Internet crime and security breaches like this one, the least we can do is choose a stronger password and keep reviewing and updating it regularly.
On the other hand, a Yahoo spokeswoman said that the vulnerability was exploited in the Yahoo Contributor Network, an Internet publishing service, and that an old file was stolen from there. The company is working to fix the flaw, change the affected users' credentials, and notify the other companies whose users' accounts were leaked.
Rob D’Ovidio, associate professor of criminal justice at Drexel University, pointed out that the incident reveals very lax security practices on Yahoo's part. Even after a similar incident last month at LinkedIn, which also failed to encrypt its sensitive content properly, Yahoo did not review its own systems, and this breach followed. At least now these Internet giants may consider adopting stronger authentication systems.
But we should also recognize our own carelessness. If we do not want our bank accounts tampered with and our other official business disrupted, we should first choose a password that is comparatively unusual, using digits and special characters. Rather than names and popular words, pick something that is not found in a dictionary: that raises the odds that someone trying to break into the account with a dictionary attack gives up after a while. And keep changing the password every month.
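To make the two points above concrete (plain-text credential storage versus salted hashing, and rejecting dictionary passwords), here is an added example that is not part of the original article and not Yahoo's code. It stores a credential the way the breached file apparently did, beside a hardened version using salted PBKDF2-HMAC-SHA256 from the Python standard library; the denylist is constructed from the four passwords named in the article, and the iteration count is an assumption to tune for your hardware.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed denylist seeded with the common passwords named in the article;
# a real deployment would use a much larger list of breached passwords.
COMMON_PASSWORDS = {"123456", "password", "iloveyou", "ninja"}

PBKDF2_ITERATIONS = 600_000  # assumption: tune so one hash takes ~100 ms

def store_plaintext(username: str, password: str) -> dict:
    """The practice the article criticises: the record holds the password
    verbatim, so anyone who reads the stolen file owns the account."""
    return {"user": username, "password": password}

def store_hashed(username: str, password: str) -> dict:
    """Hardened form: reject denylisted passwords, then keep only a salted
    PBKDF2 digest. A fresh random salt makes identical passwords hash
    differently, so a leaked file cannot be cracked with one precomputed table."""
    if password.lower() in COMMON_PASSWORDS:
        raise ValueError("password is on the common-password denylist")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"user": username, "salt": salt.hex(),
            "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}

def verify_hashed(record: dict, password: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and
    compare in constant time, so timing does not leak how close a guess was."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))

def leaked_password(record: dict) -> Optional[str]:
    """What a stolen record hands over directly: the password itself for the
    plain-text scheme, nothing immediately usable for the hashed scheme."""
    return record.get("password")
```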