A Yahoo hack stole passwords from 400,000 user accounts. Add those to the millions snatched last month and it's easy to feel numb toward these breaches. Resist that urge. Friends and associates may pay for your inaction.
Yahoo confirmed Thursday that more than 400,000 user e-mail addresses and passwords have been compromised and posted online. The hackers claim to be do-gooders, breaking into Yahoo to shine a light on its potentially lax security.
Regardless of their intentions, the passwords are now online for everyone to see. The strike comes just a month after millions of passwords leaked onto the Internet. LinkedIn, the business-oriented social network, confirmed that nearly 6.5 million user passwords had wound up on websites frequented by criminal hackers. The same week, dating site eHarmony and the Internet radio service Last.fm acknowledged additional breaches that exposed the passwords of at least 1.5 million users.
If you use any of these sites, change your passwords immediately.
This rapid-fire series of announcements raises the question: Why would hackers target these sites? What could possibly be culled from someone's online résumé and dating history?
A lot, says Marian Merritt, Internet-safety advocate for the computer security company Symantec. People on LinkedIn share all kinds of information about their career history – names, associations, and department titles. Armed with details about someone's past, a hacker might pose as a former co-worker or pretend to be that person in order to scam people out of money.