Sunday, July 22, 2012

Dear Bloggers,

To add to the ever-growing list of companies that have been hacked, Yahoo has now confirmed a database breach consisting of 400,00 usernames and passwords from their Contributor Network site.

To add insult to injury, the credentials stolen were stored on Yahoo's site unencrypted and have now been made public for all the world to see.

I'm a little surprised to note that the most common passwords were '123456' and 'welcome'. Actually, I'm past surprised, I'm appalled! In this day and age, when SO much personal and financial information is stored online, how can a person not perform due diligence and create a strong password for their information? Would this at least give their data a fighting chance of staying out of the public eye??

The breach occurred through a SQL injection attack, which obtained the data in clear text. This should not be a foreign concept, as it was a common threat seen in the Verizon Data Breach Investigations Report.

Yahoo has reported that the security vulnerability has been fixed and that it has increased its security measures and controls to prevent this type of attack in the future.

This seems to be a weekly cycle of information found on the scmagazine.com website...company reports a breach, vulnerability has been patched......company reports a breach, vulnerability has been patched....... it's a scary merry-go-'round that is happening all too often.

Oh look! Billabong has just reported a breach!!! <Sigh>

Until next time.....

References

Kaplan, D. (July, 2012). Yahoo confirms breach, passwords appear not encrypted. Retrieved from http://www.scmagazine.com/yahoo-confirms-breach-passwords-appear-not-encrypted/article/250002/

Kaplan, D. (July, 2012). Yahoo closes security hole that led to password breach. Retrieved from http://www.scmagazine.com/yahoo-closes-security-hole-that-led-to-password-breach/article/250426/
