A few days ago the security firm TrustedSec revealed that some 450,000 Yahoo passwords have been compromised by a successful "SQL injection" hack. Yahoo has acknowledged the breach. One basic lesson: Your password is only as strong as the system storing it for comparison to login attempts on your account.
And, as it turns out, password protection at Yahoo Voices, a user-content news site, was not very strong at all. Passwords for the site, known as Associated Content before its purchase by Yahoo in 2010, were not encrypted for storage. Thus the hackers gained access to plain-text passwords, and could immediately apply them to the users' other Yahoo accounts, including Yahoo mail.
If you never participated at Yahoo Voices then you have no password there, and don't have to be worried about this particular hack. If you did establish a Voices password, it has been compromised. Meaning that it has also been compromised for any other service for which you used the same password – especially at Yahoo, but potentially anywhere.
How serious this might be depends on your use of that particular password. Many people use a standard password – and usually a weak one – for all of the minor logins that come with being online. And for most of us, it doesn't really matter if hackers learn the password we use to log on and post comments to our favorite baseball or gardening blog. Probably no Eastern European hacker is going to post nasty comments there under your name.
If the compromised password is the same one you use for online banking, however, that is a very different matter. If you ever visited Yahoo Voices (or its former incarnation as Associated Content), and even might have given the same password there that you use for financial transactions, you should change the password on the transaction site immediately.
