I'm going to say it. Lame! That's what this Yahoo password leak is. Really, Yahoo? Shame!
A group of hackers say they used a common attack, known as SQL injection, to grab 450,000 passwords from a Yahoo database, and they released them to the Web last night. The passwords were stored in plain text and not obscured using a hashing technique, which is standard practice for companies that handle sensitive user data.
I've asked Yahoo to comment on why the company didn't hash the passwords, but so far it's only released a statement confirming … Read more