July 12, 2012, 3:49 PM — Don’t look now, but your Yahoo password may be in the public domain. A hacker group known as D33D has posted some 450,000 Yahoo logins for the world to download. I won’t tell you where to find them; I am sure you can figure that out all by yourself.
The hack affected Yahoo Voices, a crappy content mill, not to be confused with Yahoo Voice, a crappy IP telephony service. Voices (plural) started out life as Associated Content, known around these parts as the Evil Dung Heap of the InterWebs. Yahoo Voices is a Web site for people who desperately want to be published authors, as well as for publishers who desperately want to avoid paying actual authors a living wage.
So forgive me if I am feeling a bit churlish over this breach. The first question that comes to mind is, does anyone still use Yahoo? Really? Why?
The second question: Why did you contribute to Associated Content/Yahoo Voices? If you wanted to do something evil, couldn’t you have just strangled a puppy?
Because the logins were stored entirely unencrypted in plain text (friggin' eedjits), and hackers posted them without any kind of redaction (friggin' a**holes), they’re open for all kinds of fun analysis. CNET’s Declan McCullagh, clearly enjoying a slow news day, wrote a program to analyze the passwords for patterns. Among his many conclusions:
* The word password was used as a password 780 times, not including the 233 times it was used in conjunction with a number, such as 123password.
* The word welcome was used 437 times. Hey, Yahoo Voices users are nothing if not friendly.
* The word freedom and the other somewhat more NSFW f-word were both employed exactly 161 times. Draw your own conclusions there.
* Other popular password terms included ninja (333 times), baseball (133), superman (106) and starwars (52). Given the quality of content generated by most Associated/Yahoo Voice contributors, it comes as no surprise that many are teenagers.
The most common password combo, used nearly 2300 times, was a sequential series of numbers, such as 123456.
The real danger here is a) whether your name and password were among those leaked, and b) if you used the same ones for more important Web sites, such as your bank or Paypal. (If so, change them now. I’ll wait.) Otherwise, this is mostly a cautionary tale.