Hackers found and posted online hundreds of thousands of email addresses and passwords and the impact hits more than just Yahoo users.
Yahoo allows users to log in with credentials from other sites, such as Gmail, Hotmail, AOL and many other email hosts.
So, when about 443,000 Yahoo email addresses and passwords were exposed Wednesday, usernames and passwords for other accounts were on the list the hackers then posted on a blog site.
Usernames and passwords are stolen virtually every day. In this case, the hack didn’t require much expertise, because the usernames and passwords were not encrypted. Encryption adds a layer of protection by preventing someone who gets into the database from being able to decipher it.
Instead, Yahoo stored the usernames and passwords in plain text, making them immediately intelligible to anyone who got into the database.
The security lapse means people who reuse passwords across multiple websites could be at risk, even if the passwords are long or contain special characters to make them more robust.
The hackers reportedly posted a statement with the list of stolen credentials, saying their goal was to scare Yahoo into storing credentials more securely.
News of the Yahoo breach comes one day after 420,000 member accounts from social network Formspring were compromised, and a few weeks after millions of passwords were leaked online from sites such as LinkedIn and eHarmony.