Over 400,000 accounts were hacked by a rather simple means of entry. Using an SQL injector, the hackers managed to access Yahoo!'s login-info database and make off with as much as they wanted. Of course, security professionals, not to mention users, aren't angry at the hackers as much as they are angry at Yahoo! for not taking enough safety measures to prevent the break-in. According to sources, Yahoo! has not exactly been keeping up as well as it should be in terms of filtering out unwanted pests and dumpster divers, and as a result, the simple methods used that shouldn't have gotten through unfortunately did.
On a side note: If you have received an E-Mail saying that it's from Yahoo! and contains a title like "Yahoo! Avoid cancellation here," DO NOT CLICK IT. If you do, it will take you to a fake login page that will grab your personal info. However, it is a pretty low-effort scam; the url is obviously not associated with Yahoo! In the mean time, be careful and stay informed about hackers and scams.
"NEW YORK (CNNMoney) -- If it wasn't clear before, it certainly is now: Your username and password are almost impossible to keep safe.
Nearly 443,000 e-mail addresses and passwords for a Yahoo site were exposed late Wednesday. The impact stretched beyond Yahoo because the site allowed users to log in with credentials from other sites -- which meant that user names and passwords for Yahoo (YHOO, Fortune 500), Google's (GOOG, Fortune 500) Gmail, Microsoft's (MSFT, Fortune 500) Hotmail, AOL (AOL) and many other e-mail hosts were among those posted publicly on a hacker forum.
What's shocking about the development isn't that usernames and passwords were stolen -- that happens virtually every day. The surprise is how easily outsiders cracked a service run by one of the biggest Web companies in the world"