Although the Yahoo password hack exploited a vulnerability in the database of its Contributor Network through SQL injection (a basic attack that involves entering commands into a website's search field to access information stored on the server), the catch remains that data this sensitive was not stored cryptographically.
Ironically, there were also no firewalls set up to monitor and detect such malicious activity.
Had the users' information been randomly and cryptographically stored, the hackers would not have been able to make sense of it despite breaking into the database.
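The two safeguards discussed above, as an added example that is not Yahoo's code: a search query that binds its input as a parameter, and passwords stored only as salted, slow hashes. The schema, function names, sample account and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way derivation; the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def build_db() -> sqlite3.Connection:
    # Hypothetical schema: a searchable table next to the credential table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (title TEXT)")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    db.execute("INSERT INTO articles VALUES ('Gardening tips')")
    return db

def register(db, email: str, password: str) -> None:
    salt = os.urandom(16)  # random per-user salt
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, derive(password, salt)))

def verify(db, email: str, password: str) -> bool:
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], derive(password, row[0]))

def search(db, term: str) -> list:
    # The search term is bound as a parameter, so it is only ever data.
    return db.execute("SELECT title FROM articles WHERE title LIKE ?", (f"%{term}%",)).fetchall()

def dump_users(db) -> list:
    """What someone holding a copy of the users table would see."""
    return db.execute("SELECT email, salt, pw_hash FROM users").fetchall()

if __name__ == "__main__":
    db = build_db()
    register(db, "alice@example.com", "correct horse battery staple")  # constructed sample
    print(search(db, "Garden"))
    print(search(db, "x' OR '1'='1"))  # constructed input with SQL metacharacters
    print(dump_users(db))
```

A copy of the `users` table made this way yields only e-mail addresses, salts and derived hashes, and the search input containing quote characters is matched as literal text rather than interpreted as SQL.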
The security breach has again highlighted how basic online security best practices have been neglected by leading companies; it follows the theft of more than 5 million passwords from top networking sites, including LinkedIn and eHarmony.
These lapses inevitably mean that users' log-in credentials, even extensively robust passwords, are at risk. Given that some users replicate passwords across several web services, it is advisable to make the necessary password changes.