

Yahoo Voices Hacked, Usernames and Passwords Posted Online. - automagical
http://news.yahoo.com/yahoo-voice-hacked-usernames-passwords-posted-online-013617215.html

======
drostie
At the risk of essentially slashdotting myself or making my web host very
angry at me, I have stripped out the passwords so that the only component
remaining is the email addresses, in case you want to check whether you were
part of the breach. (I was not! hooray!)

I am hosting this at: <http://drostie.org/yahoo_leak.txt> . If I receive too
much traffic I may simply pastebin it.

~~~
zecho
Thank you. One of my email addresses is there. Thankfully it's just an account
I use for fantasy baseball. Super obnoxious, though.

------
jgroome
I love how this is a story about Yahoo, reported on Mashable, then cross-
posted to Yahoo News.

~~~
jeremyarussell
[http://cheezburger.com/6419346176?utm_source=trans&utm_m...](http://cheezburger.com/6419346176?utm_source=trans&utm_medium=email&utm_campaign=transglobal)

I made this for that very reason.

------
bigodines
I think these accounts were prior to Yahoo! Acquisition of associatedcontent.
There is NO WAY for a "native" yahoo property to store plain text passwords.
Of course this is a yahoo fault to buy a company with such a weak security...

If this was a leak in yahoo, the number of users with a yahoo e-mail would be
much, much higher.

~~~
tathastu
I presume that means also that the passwords could be different from the
actual yahoo account passwords? Of course people might have kept them the
same...

------
techinsidr
This story is incorrect to boot. It was Yahoo! VOICES with an (S) not Yahoo
Voice.

~~~
ovi256
Well, I find it pretty ridiculous that Yahoo has so many products that Voice
and Voices are different products.

~~~
dhughes
I've never heard of either...either.

------
exim
I can understand the joy feeling for someone to hack something, but what's the
point of posting people's passwords online?

~~~
tomjen3
Could be blackmail gone unanswered (e.g pay us or we publish), could be hatred
of Yahoo (either a competitioner, an employee, or just someone who feels
wronged).

Or it could be a need to prove onself -- see what I can do, now fear my wrath.

Or it could simply be hatred of humanity, you embarrass people enough and they
may lass out on you -- in this case by putting your password online, in other
cases by bringing a gun to school.

Summing up, it strongly depends on who did it.

------
davedd
We did an analysis of the dump:

[http://blog.sucuri.net/2012/07/analysis-of-yahoo-voice-
passw...](http://blog.sucuri.net/2012/07/analysis-of-yahoo-voice-password-
leak-453441-passwords-exposed.html)

Interesting is the lack of "yahoo" as part of the passwords... I would expect
a much higher % from a yahoo leak.

~~~
Squazic
+1 for ninja being 4th most used password

------
dhawalhs
A co-worker's Yahoo account started IM'ing spam links to everybody in his
friend list yesterday. This might be why.

------
charliesome
It's a bit sad that the first bit of correspondence from Yahoo was actually
just a syndicated news article from another source.

It makes you stop and think about whether they take security and their
customers seriously.

------
mistermann
Anyone know exactly what it means to be a yahoo voice user? I use yahoo chat,
and I think I've used voice chat in the past, but I don't see my username in
the dump drostie posted.

------
rb2k_
Is there a simple and free service that sends me an email once my address
shows up in one of the various dumps that leak to the net these days?

------
davedd
A quick tool for end users to check if their emails were compromised:

<http://labs.sucuri.net/?yahooleak>

------
SaulOfTheJungle
Something something nail in the coffin.

------
geekin
WTF - Yahoo news posting about Yahoo's username password hacked...this is
seriously ridiculous.

~~~
s_henry_paulson
No, ridiculous would be them trying to cover it up.

This is perfectly normal.

~~~
tathagatadg
I guess its surprising that it does not cite a official press release from the
company, (which is what you would normally expect), but to another news site.
Also if one of your products faces such a crisis situation, would you want
your users to read the company's reaction in such dispassionate, unapologetic
language?

