Yahoo confirmed a security breach Thursday that led to a leak of over 450,000 usernames and passwords.
The information was obtained from Yahoo Voices, previously Associated Content, a site used for publishing articles online. A hacker group called D33D’s Co. claimed responsibility for publishing the sensitive information, which covered not only Yahoo accounts but also many non-Yahoo IDs, such as Gmail and Hotmail.
The group retrieved file listings of user IDs that were dated before May 2010, when the site was under Associated Content.
Though Yahoo said fewer than 5 percent of the accounts were still valid, the company’s lack of web security is drawing criticism from across the Internet. The usernames and passwords were reportedly in plain text and unencrypted, which is fairly unheard of in the cyber-security profession nowadays.
The morality of “hacktivism” — using computers to try to achieve political change — is a questionable topic in and of itself, but it’s pretty clear that D33D Co. didn’t react to an infringement on civil liberties of some sort; they exploited a latent vulnerability.
Despite Yahoo’s lamentable flaws in their web application, D33D Co. is tiptoeing the line between vigilance and misguided aggression.
When “cyber warfare” is aimed toward government agencies, at least there’s a convoluted argument that it’s ensuring transparency in institutions that serve the interest of the people. The problem is that the same argument does not apply when innocent people’s privacy is attacked at the expense of corporate protest.
The group responsible for the attack was quoted as saying, “We hope that the parties responsible for managing the security of this sub-domain will take this as a wake-up call.”
Though the “parties responsible for managing security” might have caught some heat for their negligence, they were not the parties that were really hurt by the “wake-up call.”
There will undoubtedly be a ripple effect resulting from the breach, and it will be extremely difficult to measure the impact.
Amidst the most recent big-name hacking scandals in the news, notably LinkedIn and Best Buy, everyday users with no socioeconomic or political affiliations are the ones ultimately bearing the brunt of these attacks.
Yahoo Voices is a community of writers that provides the very same type of information that many hackers and internet activists claim to fight for. Using presumably innocent people’s private information as a means to justify an unclear end just seems opportunistic.
Granted, Yahoo should take a lesson from this hacking, and ultimately, they can be held responsible for not ensuring more stringent safety measures. But D33D should by no means receive praise. The notion that these hackers are cowboys of the information age is growing in popularity, but in reality, this is an embellishment.
Basically, it’s making an exhibition of citizens’ lack of online security and acting as if you’re protesting corporate inefficacy.
Nick Bell is a media production senior and may be reached at [email protected].