Yahoo’s recent password leak might not have been a one-time event. PC security experts say that Yahoo does not have an effective mechanism in place to prevent another SQL injection attack, meaning it’s only a matter of time before hackers try to take a shot at Yahoo’s notoriously weak database protection again.
The attack that occurred last week exposed close to half a million user accounts and passwords on Yahoo Voice. This information was rapidly spread online, making it easy for hackers and even the most inexperienced identity thief to gain access to Facebook accounts or banking information. This left many Yahoo Voice users completely out of luck.
However, the group behind the SQL injection attack – D33d Company, painted their attack in an altruistic light. Instead of exposing the data of hundreds of thousands of innocent users, the group stated they wanted to show people just how weak Yahoo’s security system was – and how vulnerable it would be to a future attack.
The recent data leak only involved Yahoo Voice users. However, if the next data leak involves users of other popular Yahoo services – say Yahoo Mail or Yahoo Answers, then the leak could affect millions of people.
Until Yahoo implements safer security measures for its database, make sure your Yahoo account is free of all personal data, and don’t use your Yahoo password on any other account. At this point, it’s simply too risky.
How do I avoid these problems in the future?
If you’re like most people, then you don’t want other people to know your password, email, or other sensitive personal data. To protect yourself from leaks like this in the future, take a few precautionary steps:
-Don’t use the same password for all your accounts. If one site experiences a data leak, your entire network of accounts will be compromised.
-Use antivirus software or PC Cleaner Pro. Using PC protection software can help you avoid malware infestations and alert you before traveling to a malicious website.
-Don’t open suspicious emails
-Don’t give out your personal information over an unsecured (non-https) connection