As you may or may not be aware, Gawker Media’s network was seriously compromised over the weekend, and hundreds of thousands of login/password pairs have been posted in public. The overwhelming majority of these belong to people who registered on a Gawker-owned site in order to post comments; these sites include Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. Gawker’s official statement is here.
You can find out if you’re affected here. The instructions look a little initimidating, but just do it; it’s easier than it sounds.
The nut of the matter is, if you ever used your login/password pair on a Gawker site as your login/password pair anyplace else, you need to change your password at those other places in a hurry. Particularly if those other sites might have access to any of your financial information—but really, even if they don’t.
This being the case, it’s notable that as of right now, when you log into Yahoo and follow the link on their account-management page to change your own password, you’re directed to an internal Yahoo “this page doesn’t exist” error message. This also happens if you try to change your password on Yahoo-owned Flickr.
I’ve tried about ten different phone numbers for Yahoo over the past hour. Nine of them don’t have a human answering until 12 noon EST (9 AM PST). The tenth led to a call-center employee who could not understand the problem, would not audibly yield up his name, and refused to put me through to a supervisor.
I dunno, if I were a struggling internet giant and something like the Gawker breach had happened over the weekend, I wouldn’t want to wait until 9 AM West Coast time before hearing that my own change-your-password link was hosed. But maybe it’s just that kind of attention to detail that’s made Yahoo so dominant over its competitors in recent years. Does anyone reading this have any way of contacting a responsible human being there?
(PS: I am not actually vulnerable here; my Yahoo login and password are different from my old Gawker Media pair. The Gawker story provoked me to go through all my accounts in order to replace existing passwords with longer, more random ones generated by the excellent 1Password utility, which is how I noticed Yahoo’s problem. But there are almost certainly thousands of people whose now-exposed Gawker credentials are the same as their Yahoo credentials.)