Yahoo Hacked by D33D Company, Breach Extends to Users of Gmail, Hotmail, AOL and Other Email Providers

The Internet Patrol - Patrolling the Internet for You

There was talk over the last week or so that Yahoo had been hacked, but what wasn’t mentioned during this period of speculation was that the potential hacking not only affected Yahoo users, but also users of Gmail, Hotmail, AOL, MSN, Comcast, Verizon, SBC Global, Live.com, and BellSouth. Today, Yahoo confirmed that it has in fact been hacked, indicating that a file with over 400,000 usernames and passwords – taken from various accounts, not just Yahoo accounts – was compromised by a group of hackers known as D33D Company and posted online. The data has since been taken offline.

The stolen usernames and passwords were posted on a website on which D33D explained their reasons for hacking Yahoo. Like some other hacker groups, D33D essentially said they were acting with benevolent intentions, claiming that they were doing Yahoo and its users a favor by pointing out security vulnerabilities. “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” wrote the hackers. “There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.” (See! They even said “please!”)


The hacked accounts belonged to Yahoo’s Contributor Network (YCN). Since you can sign up to participate in this network using non-Yahoo accounts (like Google and Facebook accounts), this is perhaps how user information that is not linked to a Yahoo account was compromised. (It is also possible that the breach only affected an old database of accounts – see below.) However it happened, a not insignificant number non-Yahoo accounts were affected. For example, 106,000 Gmail accounts and 55,000 Hotmail accounts were compromised, according to security researchers at Rapid7, as reported by the New York Times.

Although a major security breach, it could have been worse, and there is no need to immediately panic if you have an account with one of the affected companies. According to Yahoo, fewer than five percent of the exposed passwords were even valid, and Yahoo is changing the passwords of Yahoo accounts that were hacked. Yahoo is also informing the other companies whose user accounts may have been compromised, presumably so that these companies can take their own measures to control the damage.

All of this seems to imply that you will be (or have been) contacted if your account information was part of the D33D attack. However, it is a good idea to change your passwords regularly even in the absence of a security breach, so this is definitely a good time to change any password that is linked to YCN, as well as any passwords that are the same as those linked to YCN.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

 

Crucially, YCN used to be Associated Content before it was acquired by Yahoo, and some following this story are speculating that the hack only penetrated an old database of accounts, accounts that were created with Associated Content. (This might explain why fewer than five percent of the passwords that were compromised are valid.) In one sense this is good because less user accounts were hacked – YCN currently has around 600,000 participants, so evidently not everyone’s account was hacked. However, this also means that anyone who had an account with Associated Content might be at risk, especially if they used their Associated Content password for other sites. If you had an Associated Content password, it may have been exposed, and thus if this same password was used for other accounts, these other account passwords must now be changed. And this is of course the problem with hacks – they rarely effect only the company with the security vulnerability.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

One thought on “Yahoo Hacked by D33D Company, Breach Extends to Users of Gmail, Hotmail, AOL and Other Email Providers

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.