As we should all know by now, Yahoo announced at the end of last week that it had been massively hacked – exposing details of half a billion accounts.
Well, it gets worse because – as the Bitcrack Computer Security blog points out – it turns out it’s not as simple as just checking whether you have a Yahoo, BT Yahoo Mail or Sky email address…
Similar to how Google allows you to host your domain with Google Apps, Yahoo! allows you to host your domain and thus email and other services with them. What this means, of course, is that the login account Yahoo! kept in its database for your “custom” domain was also stolen in the leak.
My research shows that at least 572,162 domains are using Yahoo! as their email provider, and thus Yahoo!’s web-based account services and portals.
The Yahoo hack is believed to date from late 2014, and was only made public in the last few days. Which means that the hackers have had plenty of time to exploit the information they snaffled up: users’ names, email addresses, dates of birth, hashed passwords, and security questions and answers.
But here’s the kicker. It’s not just if you have a yahoo.com, yahoo.co.uk, or Sky email address. There are half a million domains set up to use Yahoo’s mail services – potentially exposing a frightening number of businesses and organisations around the world.
Bitcrack has created an online tool which will help you quickly verify if your domain is using Yahoo for its mail services.
If you have an email account at one of those 572,162 domains you may wish to follow the advice I previously gave to Yahoo users – because I’m afraid it seems it’s relevant to you too.
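To audit a list of your own domains rather than checking them one at a time, the sketch below is an added example, not Bitcrack's tool or code from the original post. It assumes the check can be made from a domain's MX records and that the suffixes `yahoodns.net` and `yahoo.com` identify Yahoo-operated mail exchangers; the domains and records in the sample input are constructed.

```python
# Added example: flag domains whose MX records point at Yahoo-operated mail hosts.
# ASSUMPTION: these suffixes identify Yahoo mail exchangers; adjust for your audit.
YAHOO_MX_SUFFIXES = ("yahoodns.net", "yahoo.com")

# Constructed sample input in `dig +noall +answer MX <domain>` format.
SAMPLE_ANSWERS = """\
shop.example.       1800 IN MX 1  mx-biz.mail.am0.yahoodns.net.
club.example.       3600 IN MX 10 MX1.BIZ.MAIL.YAHOO.COM.
club.example.       3600 IN MX 20 backup.mail.example.
corp.example.       300  IN MX 5  mail.corp.example.
decoy.example.      300  IN MX 5  mx.notyahoodns.net.
; comment lines and blanks are ignored
"""

def _norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def is_yahoo_host(host):
    # Match on a label boundary so "notyahoodns.net" is not a false positive.
    host = _norm(host)
    return any(host == s or host.endswith("." + s) for s in YAHOO_MX_SUFFIXES)

def parse_mx(text):
    """Return {domain: [(priority, exchanger), ...]} sorted by priority."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or line.lstrip().startswith(";"):
            continue
        owner, _ttl, rclass, rtype, prio, target = fields[:6]
        if rclass.upper() != "IN" or rtype.upper() != "MX" or not prio.isdigit():
            continue
        records.setdefault(_norm(owner), []).append((int(prio), _norm(target)))
    return {d: sorted(mx) for d, mx in records.items()}

def audit(text):
    """Classify each domain: 'yahoo' (all MX), 'partial' (some MX), or 'other'."""
    result = {}
    for domain, mx in parse_mx(text).items():
        hits = [is_yahoo_host(h) for _, h in mx]
        result[domain] = "yahoo" if all(hits) else "partial" if any(hits) else "other"
    return result

if __name__ == "__main__":
    for domain, verdict in sorted(audit(SAMPLE_ANSWERS).items()):
        print(f"{domain:15} {verdict}")
```

A "partial" verdict means only some of the domain's exchangers are at Yahoo, so accounts there may still have been held in Yahoo's systems and deserve the same follow-up.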