In protecting their users' passwords, LinkedIn and Yahoo did the digital equivalent of putting them in a safe and writing the combination on a Post-it note.
More than 6 million LinkedIn passwords were stolen and reposted on a Russian hacking forum in June. Passwords are typically stored cryptographically and randomized. LinkedIn did the first part, but not the second. That allowed cyber attackers to decipher the passwords and post them in plaintext.
Turns out a lot of you use "linkedin" as your LinkedIn password. Oops.
Yahoo's password failure was much more egregious. A group of seven hackers easily infiltrated Yahoo in July. The really bad news: Yahoo stored its passwords in plaintext. Since Yahoo's site allowed users to log in with credentials from other sites, the hackers snagged usernames and passwords for Google's Gmail, Microsoft's Hotmail, AOL and many other e-mail hosts.
Turns out a lot of you use "password" as your password. Oops. -- David Goldman
