Early this morning it was revealed by a group of hackers, and now confirmed by Yahoo, that they’d busted past Yahoo’s security forces and posted the passwords for 400,000 user accounts online. This posting was accompanied by a note that warned Yahoo and similar sites to re-think their security measures. Meanwhile Yahoo has stated that they are investigating the matter and that, of course, they encourage everyone in their network to change their passwords immediately and frequently thereafter to retain privacy for all of their accounts.
The first note to be pushed today was made by the group of hackers responsible for the incident, this note telling Yahoo that they do not mean to cause the organization any harm, but that they wish Yahoo to take action in the form of much higher security measures in the future. This note read thusly:
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.” – Anon
Not to be mistaken for the hacker collective known as “Anonymous”, this initiative simply did not sign their name anywhere in the document. According to the BBC, Yahoo has sent a message out to them to confirm the situation and their actions in short:
“We are currently investigating the claims of a compromise of Yahoo! user IDs. [We encourage users to] change their passwords on a regular basis.” – Yahoo Spokesperson
This would be a great opportunity for everyone out there reading this post to head to your many varied accounts and change your passwords from something silly like “password123” to something a bit more challenging like “donot8pickthis9!” That way you’ll be a bit more secure and wont be dumped like the 400k users today were overnight.