Almost half a million Yahoo user accounts were compromised in a recent exploit. If you’re a current Yahoo service user or have an old account with a shared password on it, now’s the time to change it. Read on to get a refresher on good password practices.
Ars Technica reports on the breech:
The dump, posted on a public website by a hacking collective known as D33Ds Company, said it penetrated the Yahoo subdomain using what’s known as a union-based SQL injection. The hacking technique preys on poorly secured web applications that don’t properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information.
To support their claim, the hackers posted what they said were the plaintext credentials for 453,492 Yahoo accounts, more than 2,700 database table or column names, and 298 MySQL variables, all of which they claim to have obtained in the exploit.
Because of the unfortunate frequency of personal and large-scale password compromises, we’ve got a handy guide to recovering after your email password is compromised.
If you’d like to search the released logins and see if your account was compromised, you can do so here.