Yahoo Japan says 22 million user IDs may have been stolen

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.networkworld.com/news/2013/052013-yahoo-japan-says-22-million-269914.html?source=nww_rss

IDG News Service - Yahoo Japan, the country's largest Web portal, said
up to 22 million user IDs may have been leaked during a hack that was
discovered last week.

The company emphasized that the IDs are already public information,
and no passwords or other private data were affected. Yahoo Japan IDs
are used along with password to log in to the site, and are often
displayed when users leave comments or use its shopping or auction
services.

Yahoo Japan said it discovered illicit access to its ID servers on
Thursday evening, and upon further investigation found a file with 22
million user IDs on it. The company said it wasn't sure if the file
had been transferred outside of the company, but couldn't deny the
possibility.

The website posted warnings of the possible breach on its login pages,
and offered a service for users to check if their IDs were among those
that were possibly leaked. Yahoo Japan said last year it had over 24
million active user IDs.

Yahoo Japan does not allow users to change their IDs without creating
an entirely new account, which means losing access to existing mail
and other data. The company does allow creation of a secondary user ID
it calls a "Secret ID," which is used solely for logging in and not
meant to be shared publicly.

The company introduced the Secret ID feature as part of a security
upgrade after a security breach last month. Yahoo Japan said it had
discovered a malicious program on company servers that had extracted
user data for 1.27 million users, but the program was stopped before
it leaked any of the data outside of the company.

Yahoo Japan is the country's most-visited Web property, according to
Web data provider Alexa, and the 15th most visited site globally. It
is majority owned by Softbank, which also runs one of the country's
largest mobile phone operators and a large broadband service. Yahoo
holds a 35 percent stake in the portal.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.