ASK Sucuri: What should I do if my email is in the Yahoo Leak?

We love to get questions from you, our readers, in our Ask Sucuri series. If you have any questions about website malware, blacklisting, or security in general, send us an email to: info@sucuri.net or hit us on Twitter – @sucuri_security.


Yesterday we released a blog post about the Yahoo Leak, and created an online tool to check if your email was exposed in the leak. Since then, we have received hundreds of emails asking what should be done for anyone whose account was compromised.

Read More

Analysis of Yahoo Voice Password Leak – 453,441 Passwords Exposed

We recently heard that a massive leak of Yahoo passwords has been floating on the interwebs for a few days. According to Ars Technica, the dump is from Yahoo Voice and the data was released in clear-text (yes, clear text in 2012). It seems they were not storing the passwords securely.

We got access to the dump and we can confirm that this leak is valid. We can not however confirm it is from Yahoo, the password analysis does not have many “Yahoo’s” in it (we’ll explain later).

That said, we recommend all Yahoo users to change their passwords ASAP! Specially on other services that you are reusing the same passwords. Better safe than sorry.

Read More