Since the Internet came to prominence, user passwords and vital information have been stolen and posted out in the open for all to see. It has come to a point where it’s an accepted risk of using the Internet, there’s a chance your information will be stolen. It seems like the number of attacks and account information being released is on the rise, and over two days in July – 12 and 13 – two websites had account information compromised.
The two breaches happened to Yahoo and Phandroid.
The Phandroid leak
Phandroid is a large Android centric website, widely considered by many to be the main source for Android related news. It was announced on July 13 that over 1 million user IDs had been hacked. Information leaked included email addresses, passwords and other information.
Representatives from Phandroid noted that passwords leaked were hashed – protected with a harder to break code – and thought that the purpose of the attack was to get email addresses for future spam campaigns. If you have an account on Phandroid, you can check and see if your account was part of the attack at Should I change my password?
Did you Yahoo?
Yahoo announced on the 12th that slightly more than 450,000 accounts had been compromised, and the information placed on websites available for anyone to download. Yahoo hasn’t officially announced what service’s accounts were leaked, but, other websites have announced the accounts belonged to Yahoo Voice.
The attack was orchestrated by a hacker collective called D33Ds Company, who released the list in plain text format – it can be read by anyone – on a number of websites. D33Ds Company did withhold more sensitive data, and it seems the attack was meant to serve as a wakeup call to Yahoo. At the end of the document they left a message, ”We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.”
If you have a Yahoo account and are worried that your account may have been one of the ones leaked, dazzlepod.com has a the whole list online, minus passwords. If you’re one of the unlucky ones, be sure to change your password post haste.
The recent LinkedIn account leak and these two leaks have made for a rough last month in the security industry. We strongly recommend that you take steps to change your passwords on a regular basis to minimize the chance of your data and information being stolen. If you have any questions about these incidents, or are worried about your company’s security, please contact us.