July: Yahoo password breach exposes 450,000 user logins
Yahoo, beleaguered by corporate failures and a revolving door of CEOs, came under fire once again after hackers were able to attack the firm's networks by exploiting a flaw and downloading 450,000 plain-text login credentials.
While the breach was not as large as others, such as LinkedIn or Global Payments, details of the breach were soon reported and it quickly became apparent how easy it was to acquire the vast cache of data. The attackers used a union-based SQL injection attack, which showed just how weak Yahoo's security was.
Yahoo was sued for negligence in a San Jose, California court shortly after the hack. The hackers said in a blog post: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat." A week later, the former Web portal giant gave the all clear and resumed its operations.
Nvidia developer forums hacked, company investigates
Graphics unit maker Nvidia suffered a relatively minor security breach that affected the firm's developer forums. Coming only a few weeks after the LinkedIn, eHarmony, and Last.fm password debacles, the breach was by comparison not as bad as those earlier ones.
The firm said that it had secured the hashed passwords with "random salt values," making it slightly more difficult for the passwords to be cracked, but Nvidia still sent all of its forum users a temporary password that must be changed on first use.
Formspring password breach, mass password reset follows
Formspring was next on the list of companies to be attacked and have passwords stolen. As soon as the firm realized there had been a security breach, Formspring sent out an email to those affected asking them to change their password.
Around 420,000 password hashes were posted to a security forum, but usernames and other data were not included, making it almost impossible to do anything with them. However, the form-based question firm used the SHA-256 algorithm to secure its users' accounts, and passwords were hashed with random salts. Formspring now uses bcrypt in order to secure accounts even further.