Printed from http://www.electronista.com

Yahoo Voices customer sues for lack of information security

updated 06:20 pm EDT, Fri August 3, 2012

User's eBay account used same password as lost Yahoo data

A Yahoo Voices user from New Hampshire is suing the search engine over the compromise of his eBay account following a hacker intrusion. Jeff Allan is suing the crowd-sourced question-and-answer service in California court for improper personal information safeguards, and is seeking compensation for himself and other users affected by the July 11 loss of over 400,000 users' data, which included email addresses and unencrypted passwords.

Allan claims that his first indication of any problem was when eBay contacted him about fraudulent activity on his account, which used the same login and password as those published by hacker group D33DS. The group responsible for the hack took Yahoo to task for lax security and an unencrypted password file: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

The passwords in the documents acquired from the Yahoo Voices user database are connected to their user-identification email addresses. In less than a week, the Yahoo Voices breach of 400,000 users' credentials joined Phandroid's hack exposing over a million of its users' information, Formspring's breach of 420,000 users, and retailer Billabong losing control of 35,000 plaintext passwords. While the Yahoo breach and the Billabong hack exposed only user email addresses and plaintext passwords, the Phandroid and Formspring attacks included user names, email addresses, hashed passwords, and IP addresses.

Any single breach may not reveal a large amount of personal information, but it can be combined with other breaches to see whether a given email address uses the same password across sites, as was apparently the case with Allan's eBay account. Once an email address is tied to a specific, repeated password, it becomes a simple matter to attack e-commerce sites using the duplicated credentials and any stored credit card information.



By Electronista Staff