It's no surprise that companies on the consumer internet are collecting a lot of information about their users -- with and without the permission of those users. And that means there are plenty of databases that make an attractive target for hackers.

Unfortunately for users, many of those databases aren't secured properly, and as we've seen time and time again, best practices for how certain pieces of information, such as passwords, are stored go unfollowed.

We're getting yet another reminder of that today, as reports indicate that Yahoo has suffered an embarrassing security breach that has exposed more than 400,000 user credentials, which include plaintext passwords.

According to the reports, a dump of the credentials was posted on the website of hacker collective D33Ds Company, which claims that it penetrated one of Yahoo's many services using a SQL injection attack. The as-yet-unidentified service is rumored to be Yahoo Voice, and apparently it was a fairly easy heist to pull off.

The really bad news for Yahoo is that D33Ds Company has hinted that Yahoo Voice could be the tip of the iceberg. As detailed by Ars Technica's Dan Goodin, the hacker group indicates that the service breached is not the only vulnerable Yahoo service:

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.

While it's hard to justify all forms of hacking, even if they're not motivated by a desire to profit or harm, it's also getting difficult to pin all the blame on the hackers. There's simply no excuse for storing passwords in plaintext, and companies asking users to register for access to their services have a moral (if not legal) obligation to treat the information provided by users with a reasonable degree of care.

The bad news for consumers is that companies, which include firms like Yahoo but also third-party vendors and marketers, are increasingly looking to collect as much information as they can. Big data, they believe, is big business. In many cases, they might be right, but the companies that don't want to find themselves in Yahoo's position should remember that big data also means even bigger responsibilities.
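An added example, not part of the original article and not Yahoo's code, of the storage practice the article says went unfollowed: credentials kept only as salted, slow hashes and accessed through parameterized queries, so that a dump of the table exposes no plaintext passwords. The table and column names, the sample account and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune for your hardware)


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way derivation of the value that gets stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def open_db() -> sqlite3.Connection:
    # Hypothetical schema: no column exists that could hold a plaintext password.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def register(db: sqlite3.Connection, email: str, password: str) -> None:
    salt = os.urandom(16)  # unique per user, so equal passwords give different hashes
    # Placeholders keep user input out of the SQL text (the injection defence).
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, derive(password, salt)))


def verify(db: sqlite3.Connection, email: str, password: str) -> bool:
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored hash with the recomputed one.
    return hmac.compare_digest(stored, derive(password, salt))


def dump_contains(db: sqlite3.Connection, needle: str) -> bool:
    """What a table dump would expose: does the plaintext appear in any stored value?"""
    raw = needle.encode("utf-8")
    return any(raw in col if isinstance(col, bytes) else needle in str(col)
               for row in db.execute("SELECT * FROM users") for col in row)


if __name__ == "__main__":
    db = open_db()
    register(db, "alice@example.com", "correct horse battery staple")  # constructed sample
    print(verify(db, "alice@example.com", "correct horse battery staple"))
    print(verify(db, "' OR '1'='1", "anything"))  # treated as data, matches no row
    print(dump_contains(db, "correct horse battery staple"))
```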

Published 12 July, 2012 by Patricio Robles

Patricio Robles is a tech reporter at Econsultancy.

Comments (3)



My Yahoo account started sending spam recently - now I know why.
My internet security is my responsibility, so I have beefed it up. Everybody should do the same.

about 6 years ago

John Courtney

John Courtney, CEO and Executive Chairman at Pay on Results SEO, Content Marketing, Social Media, Digital PR, PPC & CRO from Strategy Digital

Shocking security from Yahoo! And there will be more to come. Security is the one big issue that could threaten the continued rise of e-commerce.

about 6 years ago



@ alvin - not sure what you mean by "My internet security is my responsibility, so I have beefed it up. Everybody should do the same".

It's all very well choosing long and complex passwords/phrases, but if organisations running sites store user credentials in PLAIN TEXT behind lax security, you could have a password that would take the most powerful computer millennia to crack if properly secured, but a half-decent hacker will have easy access to it within minutes.

about 6 years ago
