More details are surfacing about the security breach at Yahoo that led to approximately 450,000 account logins and passwords being revealed online in plain text, including the fact that thousands of accounts with other services -- Gmail and Hotmail among them -- may also be exposed.
So how can you tell if you're among the hacked? Tech Crunch has pointed to the security source Securi, a web monitoring site, where users can verify whether they're among the victims of the leak.
Other details that have emerged since the news broke are the most popular passwords that showed up in the leak. Dana Lengkeek, a spokeswoman for Yahoo, said in a statement published in the New York Times that most of the passwords being used were no longer valid: she estimated that less than 5 percent of them were.
And if that's true, it's a good thing since many of them violate standard password advice not to use predictable words, like "password," for example.
Security blogger Anders Nilsson did some number crunching to establish the most commonly used passwords that showed up from users and "123456" was the most popular choice, with more than 1,600 people having used it. Other standbys that people have been long advised not to use but that still appeared were, you guessed it, "password" which was the second most common and "welcome." There are also 172 people out there who are apparently still fond of "qwerty."
When LinkedIn was hacked last month and had 6 million user passwords stolen, their most popular list was noticeably different and included words related to the nature of the site itself: "link" "job" and "work" were all among their top five. However, there was still some overlap with the Yahoo list in that "1234" was the second most frequently used.
The Yahoo list does somewhat parallels data pulled from Splash Data last November of the most popular passwords of 2011. "Password" came in at number one and 123456 was second.
This incident reinforces what security researchers have been telling web users in recent months: Choose secure, unique passwords and don't reuse the same password for multiple accounts.