1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Yahoo, Phandroid passwords leaked

Discussion in 'Article Discussion' started by brumgrunt, 13 Jul 2012.

  1. brumgrunt

    brumgrunt New Member

    Joined:
    16 Dec 2011
    Posts:
    1,009
    Likes Received:
    27
  2. longweight

    longweight Possibly Longbeard.

    Joined:
    7 May 2011
    Posts:
    10,517
    Likes Received:
    217
    So this only effects Yahoo users? Yahoo had the users gmail username and password? :worried:
     
  3. Wingtale

    Wingtale New Member

    Joined:
    29 May 2010
    Posts:
    36
    Likes Received:
    0
    This effects everyone that had an account, even gmail ones
     
  4. will_123

    will_123 Small childs brain in a big body

    Joined:
    2 Feb 2011
    Posts:
    1,060
    Likes Received:
    15
    There is a web app that checks if your email was compromised i checked my gmail, wasn't sure if I had ever used it to login there. Go on enda gadget the link is no there somewhere.
     
  5. longweight

    longweight Possibly Longbeard.

    Joined:
    7 May 2011
    Posts:
    10,517
    Likes Received:
    217
    Meh, changed my gmail password anyway. It was overdue!
     
  6. David

    David RIP Tel

    Joined:
    7 Apr 2009
    Posts:
    13,120
    Likes Received:
    2,149
    This is getting tedious
     
    Pookeyhead and N17 dizzi like this.
  7. DragunovHUN

    DragunovHUN I want to change my name but I also don't

    Joined:
    30 Oct 2008
    Posts:
    5,144
    Likes Received:
    181
    Feck off Yahoo.
     
  8. Cerberus90

    Cerberus90 Car Spannerer

    Joined:
    23 Apr 2009
    Posts:
    7,506
    Likes Received:
    134
    I'm getting fed up of having to think up new passwords too. Its hard enough when you've got hundreds of sites which all need a password.
     
  9. longweight

    longweight Possibly Longbeard.

    Joined:
    7 May 2011
    Posts:
    10,517
    Likes Received:
    217
    It's not hard to have 5 keywords each with a different levels of security.

    Security breaches will happen, this is a punishment for anyone that uses a Yahoo service.
     
  10. Cerberus90

    Cerberus90 Car Spannerer

    Joined:
    23 Apr 2009
    Posts:
    7,506
    Likes Received:
    134
    It says Gmail and hotmail accounts were compromised too, because of Yahoo.

    So even if you don't use Yahoo, your somehow compromised.

    Why the hell have Yahoo got Gmail and hotmail accounts and passwords anyway?



    Might start using PasswordMaker, but have a higher level pass that I use for important sites like banking which I can remember without having to use PasswordMaker.
     
  11. GMC

    GMC Well-Known Member

    Joined:
    26 Jun 2010
    Posts:
    1,502
    Likes Received:
    36
    Isn't Flickr a yahoo service? Can't think of anything else in their stable worth using.

    Google details changed anyway
    Pain in the bum...

    Sent from my HTC Desire HD using Xparent Red Tapatalk 2
     
  12. longweight

    longweight Possibly Longbeard.

    Joined:
    7 May 2011
    Posts:
    10,517
    Likes Received:
    217
    It is, that is why it has it's own special password :)
     
  13. DXR_13KE

    DXR_13KE BananaModder

    Joined:
    14 Sep 2005
    Posts:
    9,117
    Likes Received:
    363
    Why is yahoo still alive?
     
  14. longweight

    longweight Possibly Longbeard.

    Joined:
    7 May 2011
    Posts:
    10,517
    Likes Received:
    217
    It's kept alive for people who still use IE6 and get their internet connection from AOL.
     
  15. PlayLoud

    PlayLoud New Member

    Joined:
    29 Apr 2011
    Posts:
    26
    Likes Received:
    0
    I use Yahoo for my spam email account. My real email account is on Gmail. Time to change the passwords for both. I use Lastpass, so I won't have to remember the new passwords anyway (which is good, since my passwords are all random characters).
     
  16. NethLyn

    NethLyn Member

    Joined:
    24 Apr 2009
    Posts:
    971
    Likes Received:
    17
    Because of the July 9th DNS attack I'd already changed them all last week, including the BT one, which I promptly forgot again and had to re-reset it to post in this thread :) these days I wonder whether the number code you're given for Bit Tech forums is more secure than anything I'd make up myself.

    Changed the ones I use all the time but there's one minor account where I only logged in last week to change its password after that attack [EDIT] - I was going to wait and see if it was genuinely compromised but stuff it, changed that one too. Might as well do it the once and they're all done until the next time.

    The Gmail suggestion is brilliant but again I'd need to use it all the time before I'd want to have a mobile phone around and switched on just to get into email. Changing the password will do for the moment.
     
    Last edited: 15 Jul 2012
  17. theshadow2001

    theshadow2001 [DELETE] means [DELETE]

    Joined:
    3 May 2012
    Posts:
    5,159
    Likes Received:
    141
    It makes me wonder if you really need passwords that are difficult to brute force since passwords tend to be compromised via database attacks and hacks like this.
     
  18. Gareth Halfacree

    Gareth Halfacree WIIGII! Staff Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    12,153
    Likes Received:
    1,674
    The Google two-factor authentication is cleverer than that: the first time you log in to Gmail (or any other Google service) from a particular machine, it will ask you for the two-factor code from the Authenticator app. When you enter this, there's a checkbox: tick the box and it won't ask you for the two-factor code for another 30 days. For systems that don't support two-factor authentication - including, oddly, Android - you can generate one-time passwords which you can individually revoke at any time.
    You should always use secure passwords - it's notable that, in all the recent breaches, only Yahoo was storing passwords as plain text. If proper information security is practised, and passwords stored as irreversible hashes, then the attacker needs to brute-force the hashes - either manually or through a rainbow table. The more secure (mixture of case, letters, symbols, length) your password, the less likely it is the attacker will ever figure out the hash.
     
  19. Guest-16

    Guest-16 Guest

    Agreed.

    It really feels like it doesn't matter WHAT you change it to because right now they're more likely to attack the main server where your data is held rather than each account. It seems like it makes little difference if you change it to qwerty or 09faj49ajf9_+"|~!2 (I don't suggest it, but if I change my password again and it gets taken out again... what's the point)?

    This. (Sorry just read it after I replied).
     
Tags: Add Tags

Share This Page