22 million user IDs may have been stolen from Yahoo Japan

Yahoo Japan engineers detected an unauthorized attempt to access the administrative system of its web portal late on Thursday, reports the Kyodo news agency (subscription required). “We don’t know if the file (of 22 million user IDs) was leaked or not, but we can’t deny the possibility,” said Yahoo Japan in a statement on Friday.

According to Kyodo, the potential leak does not include passwords, so it will not, on its own, allow hackers to access user data. Nevertheless, Fox Business says the company is urging users to change their passwords. This is good advice given users’ habit of re-using credentials across multiple accounts. If the user IDs have indeed been stolen, the thieves could match the IDs with credentials stolen from elsewhere to find valid Yahoo Japan accounts to log into.

In a separate incident reported last month, Yahoo Japan found malware on its systems. The malware apparently accessed data from 1.27 million users, but the company claims to have discovered and neutralized the attack before any data was exfiltrated. “The company's monitoring system detected malware trying to extract data, and the company shut down access and forced the program to shut down, it said, adding that it will investigate how it happened and take steps to prevent a recurrence of a similar incident,” reported ABS CBN News.

Japan has a history of major cyber security incidents. In 2011 Sony admitted that usernames, passwords and birthdays of more than 100 million people were potentially compromised when the PlayStation Network and Sony Online Entertainment services were hacked by LulzSec (last week, three of four Brits involved with LulzSec were sent to prison, with the fourth receiving a suspended prison sentence). Earlier this year, the UK's Information Commissioner ruled that the “data controller failed to ensure that the Network Platform service provider kept up with technical developments,” and fined Sony £250,000 for the data loss.

At the end of last year, the Center for International Public Policy Studies (CIPPS) concluded that new security efforts by the Japanese government had “started bearing fruit, but [there is] still a long way to go.”

Yahoo Japan is the leading search provider in Japan, with Google ranking second. Based on page views from 2012 provided by Donnamedia, Search Blog Asia shows that the gap between the two search giants is closing: from around 56% and 31% (Yahoo/Google) in 2009 to 51% and 36% in 2012.
