How to Find Out if Your Email and Password Have Been Hacked

Were you among the roughly 400,000 people whose usernames and passwords were stolen from Yahoo yesterday? How about the 480,000 whose credentials were exposed in a December 2010 hack of Gawker? Or the 860,000 hit by Anonymous’ hack last year of StratFor?

If you don’t know, a website called ShouldIChangeMyPassword.com will tell you. Just enter your email—they won’t store your address unless you ask them to—and click the button that says, “Check it.” If your email has been associated with any of a large and ever-growing list of known password breaches, including the latest Yahoo hack, the site will let you know, and advise you to change it right away.

Two quick caveats. First, just because your email comes back clean on this site doesn’t mean your password has never been stolen. The recent hacks of LinkedIn and eHarmony, for instance, did not pair the stolen passwords with email addresses, so ShouldIChangeMyPassword.com can’t include them in its search.

All that said, you don’t really need to visit any website at all to know whether you should change your passwords: If you haven’t done it in a while, or if your passwords aren’t strong, you should. And try to choose better ones than these Yahoo users.

Source: Slate

450,000 passwords posted online as Yahoo server hacked!

Yahoo has confirmed hackers looted nearly a half million passwords and email addresses from one of its servers.

A hacker group calling itself D33DS posted online a massive trove of data it said was unencrypted in a file pilfered from the Sunnyvale, California-based internet pioneer “as a wake-up call not as a threat”.

Yahoo confirmed that a file from its Contributor Network (formerly Associated Content) containing about 450,000 user names and passwords belonging to Yahoo and other companies' users was compromised on Wednesday.

Security researchers who sifted through the posted data determined that it included information about accounts at other online services, including Google’s web-based Gmail, AOL and Microsoft’s Live.com.

“We apologise to all affected users,” Yahoo! said in a prepared statement.

“We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users’ accounts may have been compromised.”

Less than five per cent of the Yahoo account data stolen had valid passwords, the company contended.

The group D33D Company reportedly used SQL injection to compromise the Yahoo database. The technique involves inserting rogue code into the queries a website sends to its SQL database by exploiting a vulnerability in the site.

Affected accounts were reportedly linked to an internet telephone service called Yahoo! Voices, related to the company’s instant messaging feature.

“The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000-plus usernames and passwords are now public,” internet security firm TrustedSec said in a blog post.

The hack came a month after a disturbing rash of security breaches in which members’ passwords were stolen from career-oriented social network LinkedIn as well as US dating website eHarmony and British-based music site Lastfm.com.