This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-18811300#sa-ns_mchannel=rss&ns_source=PublicRSS20-sa
The article has changed 3 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| Yahoo investigating exposure of 400,000 passwords | Yahoo investigating exposure of 400,000 passwords |
| (about 1 hour later) | |
| Web giant Yahoo has confirmed it is investigating a breach of its system which may have exposed 400,000 user IDs. | Web giant Yahoo has confirmed it is investigating a breach of its system which may have exposed 400,000 user IDs. |
| US security firm Trustedsec said the attack appeared to have originated from servers connected to Yahoo Voices, a user-generated section of the site. | US security firm Trustedsec said the attack appeared to have originated from servers connected to Yahoo Voices, a user-generated section of the site. |
| It said that hacking group D33DS had claimed to be behind the attack. | It said that hacking group D33DS had claimed to be behind the attack. |
| Hours after the attack came to light, Yahoo had not put a warning on its site. | Hours after the attack came to light, Yahoo had not put a warning on its site. |
| In a statement Yahoo said: "We are currently investigating the claims of a compromise of Yahoo! user IDs," adding that it encouraged users to "change their passwords on a regular basis". | In a statement Yahoo said: "We are currently investigating the claims of a compromise of Yahoo! user IDs," adding that it encouraged users to "change their passwords on a regular basis". |
| She said it was unclear which part of the network was affected. Initially a Yahoo spokesman told the BBC that the problem had originated at Yahoo Voice, its IP telephony service. | She said it was unclear which part of the network was affected. Initially a Yahoo spokesman told the BBC that the problem had originated at Yahoo Voice, its IP telephony service. |
| The document which gives details of the hack does not make clear which Yahoo service was targeted. | The document which gives details of the hack does not make clear which Yahoo service was targeted. |
| According to US security firm Trustedsec, the compromised Yahoo passwords were associated with a variety of email addresses including those from yahoo.com, gmail.com and aol.com. | According to US security firm Trustedsec, the compromised Yahoo passwords were associated with a variety of email addresses including those from yahoo.com, gmail.com and aol.com. |
| It said that hackers used a well-established technique known as SQL injection to extract the sensitive information from the database. | It said that hackers used a well-established technique known as SQL injection to extract the sensitive information from the database. |
| "The most alarming part of the entire story was the fact that the passwords were stored entirely unencrypted," the security firm said in its blog. | "The most alarming part of the entire story was the fact that the passwords were stored entirely unencrypted," the security firm said in its blog. |
| Initial analysis by security firm Impervia suggests that the compromised database may have contained some private data as well including names, addresses including postcode, phone numbers and dates of birth. | |
| Reset passwords | Reset passwords |
| Meanwhile social network Formspring has disabled nearly 30 million passwords following a separate attack. | Meanwhile social network Formspring has disabled nearly 30 million passwords following a separate attack. |
| It said it was a precautionary move after 420,000 passwords showed up on a security forum. | It said it was a precautionary move after 420,000 passwords showed up on a security forum. |
| Formspring, which launched in 2009 as a crowd-powered question-and-answer site, has asked users to reset their passwords. | Formspring, which launched in 2009 as a crowd-powered question-and-answer site, has asked users to reset their passwords. |
| In a blog post it confirmed that a breach had occurred after someone hacked into one of the San Francisco-based company's servers. | In a blog post it confirmed that a breach had occurred after someone hacked into one of the San Francisco-based company's servers. |
| A spokeswoman said it had been alerted on Monday that some 420,000 encrypted passwords had shown up on a security forum which she refused to name because she did not want to draw attention to it. | A spokeswoman said it had been alerted on Monday that some 420,000 encrypted passwords had shown up on a security forum which she refused to name because she did not want to draw attention to it. |
| Encrypted passwords aren't immediately useable, although they can sometimes be decoded by a clever attacker. | Encrypted passwords aren't immediately useable, although they can sometimes be decoded by a clever attacker. |