Yahoo said earlier today that it has fixed the security vulnerability that let hackers obtain and publish 450,000 email addresses and passwords used by freelance contributors to Yahoo Voices.
Furthermore, Yahoo said the data was old, containing only login information used by contributors who had signed up before May 2010, when Yahoo Voices was known as Associated Content. (Yahoo bought Associated Content that month.)
Case closed, right?
We don’t think Yahoo should get off that easily. Here’s why.
First of all, Yahoo hasn’t explained why it had an improperly secured server containing unencrypted passwords on its network.
Second of all, Yahoo said this morning—a day and the half after it learned the hack had happened—that it’s STILL contacting affected users. A Yahoo Voices contributor we talked to told us that all Yahoo sent her was the same statement it gave the media.
Lastly—and this is key—these aren’t ordinary users of Yahoo’s free services. Yahoo Voices contributors are journalists—amateurs in many cases, but they’re still reporters, many of whom are taking on controversial local-news stories. Some use pen names. Yahoo has exposed their identities.
As Yahoo emphasises the media part of its business, it needs to show that it will protect the people who create its content, whether they’re on staff or freelance contributors on Yahoo Voices.
Imagine if the New York Times was hacked and its reporters’ passwords were exposed. Everyone would be outraged, right?
If you believe in the premise of citizen journalism—that the Internet allows anyone to become a reporter—then we don’t see why the Yahoo Voices hack is any less significant.
Business Insider Emails & Alerts
Site highlights each day to your inbox.