Yahoo Voices customer sues for lack of information security

updated 06:20 pm EDT, Fri August 3, 2012

User's eBay account used same password as lost Yahoo data

A Yahoo Voices user from New Hampshire is suing the search engine for the compromise of his eBay account as a result of a hacker intrusion. Jeff Allan is suing the crowd-sourced question-and-answer service in California court for improper personal information safeguards, and is seeking compensation for himself and other users affected by the July 11 loss of over 400,000 users' data, which included email addresses and unencrypted passwords.

Allan claims that his first indication of any problem came when eBay contacted him about fraudulent activity on his account, which used the same login and password as those published by hacker group D33DS. The group responsible for the hack took Yahoo to task for lax security and an unencrypted password file: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

The passwords in the documents acquired from the Yahoo Voices user database are connected to their user-identification email addresses. In less than a week, the Yahoo Voices breach of 400,000 users' credentials joined Phandroid's hack exposing over a million of its users' information, Formspring's breach of 420,000 users, and retailer Billabong losing control of 35,000 plaintext passwords. While the Yahoo breach and the Billabong hack exposed only user email addresses and plaintext passwords, the Phandroid and Formspring attacks included user names, email addresses, hashed passwords, and IP addresses.

Any single breach may not reveal a large amount of personal information, but it can be used in conjunction with other breaches to see whether a given email address is using the same password across sites, as was apparently the case with Allan's eBay account. When an email address is tied to a specific, repeated password, it becomes a simple matter to attack e-commerce sites using duplicated credentials and stored credit card information.

by MacNN Staff


