Yahoo Hacked by D33D Company, Breach Extends to Users of Gmail, Hotmail, AOL and Other Email Providers

The Internet Patrol default featured image
Share the knowledge

There was talk over the last week or so that Yahoo had been hacked, but what wasn’t mentioned during this period of speculation was that the potential hacking not only affected Yahoo users, but also users of Gmail, Hotmail, AOL, MSN, Comcast, Verizon, SBC Global, Live.com, and BellSouth. Today, Yahoo confirmed that it has in fact been hacked, indicating that a file with over 400,000 usernames and passwords – taken from various accounts, not just Yahoo accounts – was compromised by a group of hackers known as D33D Company and posted online. The data has since been taken offline.

The stolen usernames and passwords were posted on a website on which D33D explained their reasons for hacking Yahoo. Like some other hacker groups, D33D essentially said they were acting with benevolent intentions, claiming that they were doing Yahoo and its users a favor by pointing out security vulnerabilities. “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” wrote the hackers. “There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.” (See! They even said “please!”)

The hacked accounts belonged to Yahoo’s Contributor Network (YCN). Since you can sign up to participate in this network using non-Yahoo accounts (like Google and Facebook accounts), this is perhaps how user information that is not linked to a Yahoo account was compromised. (It is also possible that the breach only affected an old database of accounts – see below.) However it happened, a not insignificant number non-Yahoo accounts were affected. For example, 106,000 Gmail accounts and 55,000 Hotmail accounts were compromised, according to security researchers at Rapid7, as reported by the New York Times.

Although a major security breach, it could have been worse, and there is no need to immediately panic if you have an account with one of the affected companies. According to Yahoo, fewer than five percent of the exposed passwords were even valid, and Yahoo is changing the passwords of Yahoo accounts that were hacked. Yahoo is also informing the other companies whose user accounts may have been compromised, presumably so that these companies can take their own measures to control the damage.

All of this seems to imply that you will be (or have been) contacted if your account information was part of the D33D attack. However, it is a good idea to change your passwords regularly even in the absence of a security breach, so this is definitely a good time to change any password that is linked to YCN, as well as any passwords that are the same as those linked to YCN.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Crucially, YCN used to be Associated Content before it was acquired by Yahoo, and some following this story are speculating that the hack only penetrated an old database of accounts, accounts that were created with Associated Content. (This might explain why fewer than five percent of the passwords that were compromised are valid.) In one sense this is good because less user accounts were hacked – YCN currently has around 600,000 participants, so evidently not everyone’s account was hacked. However, this also means that anyone who had an account with Associated Content might be at risk, especially if they used their Associated Content password for other sites. If you had an Associated Content password, it may have been exposed, and thus if this same password was used for other accounts, these other account passwords must now be changed. And this is of course the problem with hacks – they rarely effect only the company with the security vulnerability.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

One thought on “Yahoo Hacked by D33D Company, Breach Extends to Users of Gmail, Hotmail, AOL and Other Email Providers

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.