Printed from http://www.electronista.com

Yahoo Voices customer sues for lack of information security

updated 06:20 pm EDT, Fri August 3, 2012

User's eBay account used same password as lost Yahoo data

A Yahoo Voices user from New Hampshire is suing the search engine for the compromise of his eBay account as a result of a hacker intrusion. Jeff Allan is suing the crowd-sourced question-and-answer service in California court for improper personal information safeguards, and is seeking compensation for himself and other users affected by the loss of over 400,000 users' data, which included emails addresses and unencrypted passwords on July 11.

Allan claims that his first indication that there was any problem was when eBay contacted him about fraudulent activity with his account, which used the same login and password as those published by hacker group D33DS. The group responsible for the hack called Yahoo to task for lax security and an unencrypted password file: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

The passwords in the documents acquired from the Yahoo Voices user database are connected to their user-identification email addresses. In less than a week, the Yahoo Voices breach of 400,000 users' credentials joined Phandroid's hack exposing over a million of its users' information, Formspring's breach of 420,000 users, and retailer Billabong losing control of 35,000 plaintext passwords. While the Yahoo breach and the Billabong hack were only user email addresses and plain-text passwords, the Phandroid and Formspring attacks included user names, email addresses, hashed passwords, and IP addresses.

Any single breach may not reveal a large amount of personal information, but it can be used in conjunction with other breaches to see if a given email is using the same password across sites, such as was apparently the case with Allan's eBay account. When an email is tied to a specific, repeated password, it becomes a simple matter to attack e-commerce sites using duplicated credentials and stored credit card information.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Epson PowerLite Home Cinema 2030 projector

With high-definition televisions now the standard, 4K televisions becoming the next big thing, and plasma TVs going the way of the din ...

Life n Soul 8 Driver Bluetooth headphones

When it comes to music on the go, consumers generally have some options to consider when looking for the best experience. While Blueto ...

Tesoro Tizona G2N Elite gaming keyboard

The market for gaming keyboards is getting crowded, starting off with some fairly simple keyboards and diverging into the land of modu ...

Sponsor

toggle

Most Commented

 
toggle

Popular News