Friday, July 13, 2012

Another day, another round of password breaches...

Today it's accounts at the website of surf clothing company Billabong, and the online forums of technology firm NVIDIA that are affected. More info here from Threapost.com.

Thursday, July 12, 2012

Yahoo passwords breach

News broke today of a breach of almost 450,000 passwords from a service belonging to yahoo.com.
Initial analysis of the leaked passwords appears to show they were stored in plain text, and that they were stolen using a SQL injection attack.

Yahoo said that the passwords were from an old, out of date file, and that only 5% were valid acounts.Whether they were current or out of date, and how many were valid yahoo accounts doesn't matter. Storing user passwords in an unencrypted form puts the owners of those accounts at risk. Period. Although best practice says that you use different passwords for each service you use, we all know that some people use the same password for every single website in their life.

All yahoo.com users should change their password on yahoo itself and on all other sites where they use the same password.