In case you hadn't heard, nearly a million account details were publicized within the last two days. Here's the breakdown:
- Yahoo - 453,492
- Formspring - 420,000
- Billabong.com - 20,000-35,000
The Yahoo accounts were acquired by hackers through a vulnerability in its Yahoo Voice subdomain, which might also reveal access info to many other users' accounts. The group behind the attack, D33Ds, noted, "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat." The release also included 2,700 database table or column names and 298 MySQL variables.
On Tuesday, social network Formspring revealed that 420,000 accounts had been compromised. The company responded by resetting passwords for all of its 28 million users. "Once we were able to verify that the hashes were obtained from Formspring, we locked down our systems and began an investigation to determine the nature of the breach," wrote Formspring founder Ade Olonoh. "We found that someone had broken into one of our development servers and was able to use that access to extract account information from a production database."
Billabong is an Australia-based clothing retailer. Only 1,435 of the accounts stolen from its server were publicly released.
A CNET investigation into the Yahoo reveal noted that the most popular password was "123456," followed by "password." Come on, people... really?
UPDATE: Android discussion forum Phandroid has informed users that a hacker accessed and may have downloaded account information for its more than a million users.