Printed from http://www.electronista.com

Yahoo Voices customer sues for lack of information security

updated 06:20 pm EDT, Fri August 3, 2012

User's eBay account used same password as lost Yahoo data

A Yahoo Voices user from New Hampshire is suing the search engine for the compromise of his eBay account as a result of a hacker intrusion. Jeff Allan is suing the crowd-sourced question-and-answer service in California court for improper personal information safeguards, and is seeking compensation for himself and other users affected by the loss of over 400,000 users' data, which included emails addresses and unencrypted passwords on July 11.

Allan claims that his first indication that there was any problem was when eBay contacted him about fraudulent activity with his account, which used the same login and password as those published by hacker group D33DS. The group responsible for the hack called Yahoo to task for lax security and an unencrypted password file: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

The passwords in the documents acquired from the Yahoo Voices user database are connected to their user-identification email addresses. In less than a week, the Yahoo Voices breach of 400,000 users' credentials joined Phandroid's hack exposing over a million of its users' information, Formspring's breach of 420,000 users, and retailer Billabong losing control of 35,000 plaintext passwords. While the Yahoo breach and the Billabong hack were only user email addresses and plain-text passwords, the Phandroid and Formspring attacks included user names, email addresses, hashed passwords, and IP addresses.

Any single breach may not reveal a large amount of personal information, but it can be used in conjunction with other breaches to see if a given email is using the same password across sites, such as was apparently the case with Allan's eBay account. When an email is tied to a specific, repeated password, it becomes a simple matter to attack e-commerce sites using duplicated credentials and stored credit card information.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Sponsor

toggle

Most Commented

 
toggle

Popular News