What You Might Not Know About Yahoo's Data Breach

| No Comments | No TrackBacks

You've probably heard about the recent Yahoo data breach, in which upwards of 450,000 users had their email addresses and passwords stolen and leaked for hackers and identity thieves to do their worst with.  It took Yahoo a few days to contact people whose information had been compromised even after news of the breach hit the Internet; to say that they dropped the ball would be an understatement.  The fact that the breach happened at all is horrible, but that's not actually the main focus of today's blog. I've mentioned time and time again that you can never be certain who may have access to your information...well, the Yahoo breach, and a reader's email, really drives this point home.

This week I received an email from someone relaying that as soon as he was made aware of the Yahoo breach, he immediately jumped online and changed his password. Trouble is, he wasn't quick enough to change it elsewhere. He had been using the same password for another online account and by the time he realized it, and acted to change it, someone had beaten him to it. But, that's not what prompted him to write --or this blog post. Instead it was his unique insight that he thought I might not be aware of and might find of interest to share. He was right on both counts.  

You see, the Yahoo breach didn't occur with the main Yahoo website.  The theft of data occurred through a section of the Yahoo website known as Yahoo Voices.  Voices allows users to publish articles and other content on a wide range of topics, letting their opinions be heard and sometimes even making a little bit of money in the process.  The thing about Yahoo Voices is that it wasn't always a part of Yahoo; before Yahoo bought it, the site was producing similar content under the name Associated Content.

When Yahoo purchased Associated Content, along with the articles and other content that had been published by the company they also gained the AC writing community.  Some writers were and likely still are very active, while others only wrote periodically or stopped writing for the company years earlier.  Their accounts were still active in the Associated Content database, however, and it was this database that transferred over to Yahoo Voices.  I imagine that you can see where I'm going with this.

The Yahoo Voices data breach didn't just contain email addresses for writers who were actively producing content for Voices, but also for a number of people who hadn't written a single word for the site since before the Yahoo purchase.  Writers who hadn't interacted with Yahoo in any way had their login information stolen because Yahoo didn't encrypt the data in a way that would have kept it safe.  They had no idea years ago when they signed up with Associated Content that their information would be put at risk, especially by a different company than the one that they signed a contributor agreement with.

This is why I keep pushing for diligence in protecting your information. None of us know when someone else might spill our secrets; the company that you trust with your personal information today might be bought out by someone else tomorrow, next month or next year, and you have no way of knowing whether that new company will protect your data as well as the old. Update your passwords regularly, not just to your email account but also to any website where you use that account as a login.  It's also important that you use different passwords at different sites, since otherwise someone could try to access a wide range of accounts just by trying the same username and password combination all over the Internet.

Hopefully you'll never fall victim to a data breach like this, but if you practice good online safety habits, you will limit the potential damage that thieves and hackers could do with your stolen information.


No TrackBacks

TrackBack URL: http://www.givemebackmycredit.com/cgi-bin/mt/mt-tb.cgi/1035

Leave a comment

A memoir exposing the steep price consumers pay when facing mortgage servicing errors, inaccurate credit reporting, illegal debt collection practices, identity theft and weak consumer protection laws. THE BOOK » DENISE'S STORY »