Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > Yahoo Voices customer sues for lack of information security

Yahoo Voices customer sues for lack of information security
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Aug 3, 2012, 03:21 PM
 
A Yahoo Voices user from New Hampshire is suing the search engine for the compromise of his eBay account as a result of a hacker intrusion. Jeff Allan is suing the crowd-sourced question-and-answer service in California court for improper personal information safeguards, and is seeking compensation for himself and other users affected by the loss of over 400,000 users' data, which included emails addresses and unencrypted passwords on July 11.

Allan claims that his first indication that there was any problem was when eBay contacted him about fraudulent activity with his account, which used the same login and password as those published by hacker group D33DS. The group responsible for the hack called Yahoo to task for lax security and an unencrypted password file: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage." The passwords in the documents acquired from the Yahoo Voices user database are connected to their user-identification email addresses. In less than a week, the Yahoo Voices breach of 400,000 users' credentials joined Phandroid's hack exposing over a million of its users' information, Formspring's breach of 420,000 users, and retailer Billabong losing control of 35,000 plaintext passwords. While the Yahoo breach and the Billabong hack were only user email addresses and plain-text passwords, the Phandroid and Formspring attacks included user names, email addresses, hashed passwords, and IP addresses. Any single breach may not reveal a large amount of personal information, but it can be used in conjunction with other breaches to see if a given email is using the same password across sites, such as was apparently the case with Allan's eBay account. When an email is tied to a specific, repeated password, it becomes a simple matter to attack e-commerce sites using duplicated credentials and stored credit card information.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 10:19 AM.
All contents of these forums © 1995-2015 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2015, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2