Check Your Passwords: Yahoo Warning

I want to share a warning that Yahoo sent to some account holders, and it’s worth noting because it’s a serious issue. Apparently someone was able to obtain email address information and matching passwords for Associated Content, and this could pose an issue for some people who use the same password (or password naming convention) on multiple websites.

Here’s what Yahoo emailed to account holders who were impacted:

“You may have read in press reports that Yahoo! recently confirmed an older file containing approximately 450,000 email addresses and passwords—provided by writers who had joined Associated Content prior to May 2010—was publicly posted on the Internet. This file was a standalone file that was not used to grant access to Yahoo! systems and services. This message is being sent to an email address in this compromised file.

We are taking important steps to address this issue and have now fixed the vulnerability that led to the disclosure of the data and enhanced our underlying security controls. As a non-Yahoo! account holder, we apologize that we cannot provide you a direct means to secure your account. We strongly recommend that you employ the security mechanisms recommended by your email service provider to secure your account.

Additionally, given the high frequency of consumers using the same login information on services across the Internet, we strongly advise users to:

– Change their passwords for any account they hold every few months,
– Use a different password for each service or website, and
– Create passwords using a mixture of characters, symbols, and numbers.

We also suggest that you proactively monitor the activity on any account you have created online. Specifically, be on the lookout for spam originating from your email, and check your sign-in activity from time to time. If you see anything suspicious—like your account was accessed in Romania when you were home in Chicago—you should change your password immediately.

We take security very seriously at Yahoo! and invest heavily in protective measures to ensure the security of our users and their data across all our products. In addition, we will continue to take significant measures to protect our users and their data.

We sincerely apologize for this matter.
Yahoo! Inc.

Associated Content (now Yahoo Voices) is a website for writers to publish articles. Domain investors may be impacted because Associated Content was used by some publishers to add links to their websites (for SEO and traffic). If you have/had an Associated Content account you should make sure you aren’t impacted.

I recommend having different logins and passwords for registrars, parking companies, email…etc.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn

4 COMMENTS

  1. I came “home” Thursday evening and could not access my email account. I thought it had been hacked as I have received dozens of emails purporting to be AT&T or Yahoo or Paypal etc over the last year or so stating they needed my signin and password for some reason or another. Anyway, my email is back but that was a scare given all the historical data in that email account. I went ahead and changed the passwords on a couple of other accounts.

  2. Why did this list even exist in the first place. Companys should follow the golden rule with passwords. Treat people’s passwords how they would want their passwords to be treated. That being said, passwords should always be stored encrypted. If they are stored encrypted then nobody will be able to know what it is. It will not even be able to be retrieved, only reset. Any place that supports password retrieval is not encrypting your password, at least not appropriately.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

Handoff to Dan on Imported Leads Can be Confusing

0
I've been using the lead import option at Dan.com more regularly. Although the 5% commission is not ideal, transactions tend to move more quickly...

ArtificialIntelligence.com Goes Up for Sale

7
I tried to buy the ArtificialIntelligence.com domain name multiple times over the last 10 years. The emails I sent to the registrant went unanswered,...

EU Gives More IP Protection to Food & Drink Producers

0
Did you know that some well-known food and drink varieties are protected intellectual property regulations? Popular types of drinks and foods that are protected...

Price Testing

1
In 2022, my wife and I decided our kids were ready for some big mountain skiing and we planned a trip to the Rocky...

GoDaddy Making You Sign in to See What You Renewed (Updated)

3
This morning, I noticed something different in a domain name renewal email from GoDaddy. Instead of telling me exactly what domain names I renewed...