It's been a harrowing few days for Yahoo. Earlier this week, the Yahoo Contributor Network became the victim of an SQL injection attack, with the hackers taking 450,000 email addresses and passwords with them when they left. Today, Yahoo says that it has put additional security measures in place in the aftermath of the attack, and gave us a better idea of who is at risk now that this information is out in the open.
According to Yahoo, the passwords and emails that were stolen belonged to members who signed up for Associated Content prior to May 2010, which is when Yahoo purchased Associated Content and turned it into the Yahoo Contributor Network. If you are one of those longtime users and signed up for Associated Content with a Yahoo email address, Yahoo asks that you log into that account, where you'll be greeted by a number of account authentication questions. Obviously, if you use the same email address and password across multiple online accounts, it's probably a good idea to go and change those too.
In a statement made today, Yahoo says that it has identified and fixed the vulnerability that allowed the hackers access in the first place. The company has also "deployed additional security measures for affected Yahoo users, enhanced our underlying security controls" and is currently in the process of notifying users who were affected by the attack.
The hackers said that they wanted this to serve as a wake-up call for those involved. With Yahoo scrambling to beef up security and keep the negative buzz to a minimum, it looks like their plan worked.