I want to share a warning that Yahoo sent to some account holders, and it’s worth noting because it’s a serious issue. Apparently someone was able to obtain email address information and matching passwords for Associated Content, and this could pose an issue for some people who use the same password (or password naming convention) on multiple websites.
Here’s what Yahoo emailed to account holders who were impacted:
“You may have read in press reports that Yahoo! recently confirmed an older file containing approximately 450,000 email addresses and passwords—provided by writers who had joined Associated Content prior to May 2010—was publicly posted on the Internet. This file was a standalone file that was not used to grant access to Yahoo! systems and services. This message is being sent to an email address in this compromised file.
We are taking important steps to address this issue and have now fixed the vulnerability that led to the disclosure of the data and enhanced our underlying security controls. As a non-Yahoo! account holder, we apologize that we cannot provide you a direct means to secure your account. We strongly recommend that you employ the security mechanisms recommended by your email service provider to secure your account.
Additionally, given the high frequency of consumers using the same login information on services across the Internet, we strongly advise users to:
• Change their passwords for any account they hold every few months,
• Use a different password for each service or website, and
• Create passwords using a mixture of characters, symbols, and numbers.
We also suggest that you proactively monitor the activity on any account you have created online. Specifically, be on the lookout for spam originating from your email, and check your sign-in activity from time to time. If you see anything suspicious—like your account was accessed in Romania when you were home in Chicago—you should change your password immediately.
We take security very seriously at Yahoo! and invest heavily in protective measures to ensure the security of our users and their data across all our products. In addition, we will continue to take significant measures to protect our users and their data.
We sincerely apologize for this matter.
Associated Content (now Yahoo Voices) is a website for writers to publish articles. Domain investors may be impacted because Associated Content was used by some publishers to add links to their websites (for SEO and traffic). If you have/had an Associated Content account you should make sure you aren’t impacted.
I recommend having different logins and passwords for registrars, parking companies, email…etc.