This has not been a good few weeks for the world of Internet security. Just over a month ago, business-networking site LinkedIn had the passwords of millions of its users posted to a hacker forum.
Today, Yahoo! Inc. confirmed that a file containing what appear to be usernames and passwords for 453,492 accounts had briefly been posted online. However, it appears that it's not just Yahoo users who may be at risk.
From the New York Times:
Security researchers at Rapid7, a security company, analyzed the dumped account information and found that it included account information not just for Yahoo users but for Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com users. Marcus Carey, a researcher at Rapid7, found that among the data were some 106,000 Gmail accounts, 55,000 Hotmail accounts and 25,000 AOL accounts.
The group responsible for posting the compromised data included this helpful note:
We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.
So, change your passwords (again), and be sure to choose secure ones.