Slashdot Mirror


Yahoo Sued For Password Breach

twoheadedboy writes "Yahoo is being sued by one of its users, who has claimed the US Internet company was guilty of negligence when 450,000 passwords of the members of the Yahoo Voices blogging community were posted online. Jeff Allan from New Hampshire has turned to a federal court in San Jose, California, after his eBay account, which used the same password as his Voices account, was compromised. The breach at Yahoo followed similar hits on LinkedIn and Nvidia, which together saw millions of passwords leaked."

4 of 93 comments

  1. Guilty of Negligence by O'Krap · · Score: 5, Insightful

    One could say that reusing a password is negligent....

  2. TRWTF by Anonymous Coward · · Score: 5, Insightful

    On the other hand, neither service X nor service Y should be storing your passwords in such a way that it is possible to recover the actual password.

    1. Re:TRWTF by icebike · · Score: 5, Informative

      Salted passwords don't matter - you can recover the password. Heck, you can reverse engineer hashing algorithms by just making a bunch of passwords then recovering them.

      That would require you not only steal the password hash file but also the software used to create that file, including the salt, etc.

      The point in the current case is that the passwords WERE NOT stored encrypted in any form. They were stored in clear text despite every recommendation never to do this on any system. It's inexcusable.

      Every Linux distribution since the Pleistocene has defaulted to at least a minimally encrypted password file. Yahoo runs nothing but Linux. They would have had to intentionally bypass Linux security basics and roll their own to end up in such a mess.

      They deserve to be sued. Still it will be a hard case to win because there is no law that says they have to be careful or competent.

      --
      Sig Battery depleted. Reverting to safe mode.
  3. Image of Trust by Penurious+Penguin · · Score: 5, Insightful

    Because Yahoo and other similar services pimp the image of being both sophisticated and virtually omnipotent, while offering to manage your affairs, organize your life, provide targeted news headlines and personal suggestions regarding your personal life, and then covertly subpimp your personal data while indifferently and deeply mining your grazing habits -- I think this lawsuit is, compared to others, reasonable, if a lawsuit without grievous injuries or loss can even be so.

    Not everyone has a degree in IT. Perhaps instead of guerrilla advertisement, Yahoo (and other similar services) could cough up at least a token effort for their cattle, I mean customers. Maybe they could reserve some extra ad-space to discourage unknowing subjects from having shared passwords. Maybe they could do a lot more in general, and a lot less too, in a good way.

    I sympathize with neither side in this case, but can empathize with only one. Altruism, despite modern Goliaths, doesn't always need an ulterior motive. Yahoo preys on the sea of humanity, and a few minnows nip back. Pardon me whilst I desiccate myself with tears.

    --
    Forward! -- Emperor Norton, 2012