Email, Password | featured news

Yahoo says it has fixed the vulnerability that allowed 450,000 user email addresses and passwords to be stolen from its user-generated content service, Yahoo! Voices. In a blog posting, Yahoo said that the "compromised information was provided by writers who had joined Associated Content prior to May 2010, when it was acquired by Yahoo!. (Associated Content is now the Yahoo! Contributor Network.) This compromised file was a standalone file that was not used to grant access to Yahoo! systems and services."

Phandroid has announced that a hacker has recently accessed its user database, making off with usernames, email addresses and hashed passwords—and the problem looks like it could affect all of its one million-plus users.

The company said that although the breached accounts include user names from Yahoo and other companies, only 5% of the accounts had valid passwords. Yahoo said it is working to fix the vulnerability and is changing the passwords of the affected users. The company also said it is notifying other companies whose users may have been affected -- earlier we reported that they may include people who use AOL, Gmail, Hotmail and many others.

Yahoo has been the victim of a security breach that yielded hundreds of thousands of login credentials stored in plain text. The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer's network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, intended the data dump to be a "wake-up call."

Yahoo Inc. said Thursday it is investigating reports of a security breach that may have exposed nearly half a million users' email addresses and passwords... The little-known group was quoted as saying that they had stolen the passwords using an SQL injection -- the name given to a commonly-used attack in which hackers use rogue commands to extract data from vulnerable websites.

To minimize identity theft, the Obama administration is urging Internet companies to agree upon and adopt a standard, reliable identity-verification system that people can use for any website. Each person would choose one company, perhaps their e-mail service provider, to handle credentials for sensitive personal or financial information on other sites.

Google admitted in a blog post Friday that external regulators have discovered that e-mails, URLs and passwords were collected and stored in a technical while the vehicles for Google's Street View service were out documenting roadway locations.

Some social networking sites ask for your e-mail address and password when you sign up.