The call has gone out to Yahoo Japan’s 200 million users to change their passwords, after the company warned that it suspected hackers had managed to access a file containing 22 million user IDs.
Yahoo Japan says that it detected an attempt to gain unauthorised access to its administrative systems on Thursday at approximately 9pm local time.
Although the information taken from Yahoo Japan’s servers is said not to contain passwords, or other personal identifying information required to hijack an account (such as the answers to secret questions), the site has decided that users should reset their passwords regardless.
In a press statement published on Yahoo Japan’s website, the number one search engine in Japan stressed that it had not confirmed that the data had definitely leaked to the outside world, but that it deeply apologised for any inconvenience caused.
Fingers crossed, only user IDs were exposed during the security breach and nothing more serious. But even user IDs should be private, and kept out of the hands of cybercriminals.
Potentially, online criminals now have a database of 22 million Yahoo Japan email addresses – and there are surely slimebags out there who would get a real kick out of spewing out a spam campaign, sending a phishing attack to Yahoo users, posing as a legitimate email from the company, or launching a targeted malware attack.
Hopefully Yahoo Japan will be investigating how the security breach occurred, and putting strong defences in place to prevent it – or anything worse – happening in future.Follow @gcluley