The passwords to 432,000 email accounts were leaked last night from an older file associated with the Yahoo! Contributor Network. Yahoo claims that only about 5 per cent of the accounts had valid (current) passwords, but here’s how to check if your ancient account is one of them.
Security company Sucuri has put together a tool to check if your email is included in the 400,000+ accounts affected. It also notes that you might want to check even if your account isn’t at Yahoo:
[Sucuri] notes that 135,599 emails came from yahoo.com; but that a further 106,185 came from gmail.com; 54,393 from hotmail.com; 24,677 from aol.com; 8,422 from comcast.net and 6,282 msn.com.
Here’s Yahoo’s statement on the hack:
At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday,July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologise to affected users. We encourage users to change their passwords on a regular basis and also familiarise themselves with our online safety tips at security.yahoo.com.
All told, it’s unlikely you’ve got anything to worry about, but it’s better to be safe than hacked into oblivion. [TechCrunch]