Technology, Password | featured news

Skype says it has resolved a flaw with its password reset tool that could be used to hijack users' accounts on the chat tool.

Yahoo says it has fixed the vulnerability that allowed 450,000 user email addresses and passwords to be stolen from its user-generated content service, Yahoo! Voices. In a blog posting, Yahoo said that the "compromised information was provided by writers who had joined Associated Content prior to May 2010, when it was acquired by Yahoo!. (Associated Content is now the Yahoo! Contributor Network.) This compromised file was a standalone file that was not used to grant access to Yahoo! systems and services."

The company said that although the breached accounts include user names from Yahoo and other companies, only 5% of the accounts had valid passwords. Yahoo said it is working to fix the vulnerability and is changing the passwords of the affected users. The company also said it is notifying other companies whose users may have been affected -- earlier we reported that they may include people who use AOL, Gmail, Hotmail and many others.

Yahoo has been the victim of a security breach that yielded hundreds of thousands of login credentials stored in plain text. The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer's network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, intended the data dump to be a "wake-up call."

Yahoo Inc. said Thursday it is investigating reports of a security breach that may have exposed nearly half a million users' email addresses and passwords... The little-known group was quoted as saying that they had stolen the passwords using an SQL injection -- the name given to a commonly-used attack in which hackers use rogue commands to extract data from vulnerable websites.

A Russian hacker claims to have uploaded almost 6.5 million LinkedIn passwords, The Verge reports. LinkedIn in says in a tweet that "Our team is currently looking into reports of stolen passwords. Stay tuned for more."

To minimize identity theft, the Obama administration is urging Internet companies to agree upon and adopt a standard, reliable identity-verification system that people can use for any website. Each person would choose one company, perhaps their e-mail service provider, to handle credentials for sensitive personal or financial information on other sites.

Does this person sound familiar? He can’t be bothered to type a password into his phone every time he wants to play a game of Angry Birds. When he does need a password, maybe for his email or bank website, he chooses one that’s easy to remember like his sister’s name—and he uses the same one for each website he visits. For him, cookies come from the bakery, IP addresses are the locations of Intellectual Property and a correct Google search result is basically magic. Most of us know someone like this.

Consumer Reports, a longtime trusted name in product ratings and reviews, has today released their annual "State of the Net" report, whose findings suggest that over half (52%) of social network users post risky information online. Among the transgressions: using weak passwords, listing full birth dates, ignoring privacy settings and making mention of when you're away from home, to name a few.

If you're on Twitter, it may be a good idea to change your password this morning.