Print 27 comment(s) - last by leviathan05.. on Jul 16 at 4:34 PM

Hackers say data was posted as a warning

It's Sony Corp. (TYO:6758) all over again!  

Hackers with "D33ds Company" have posted 453,000 passwords from Yahoo! Inc.'s (YHOO) Voices -- a part of its news service.  Bafflingly, Yahoo administrators apparently opted for no encryption of the passwords, storing them in plain-text.

Hackers scooped up the passwords using SQL injection, according to TrustedSec.

The hackers write on their text dump:

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.  There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.

They were at least kind enough not to publish details of how the penetrated Yahoo's servers.

compromised passwords
Some of the 453,000 compromised accounts. [Image Source: TrustedSec]

Yahoo insists that it's not that big a deal, saying that only 5 percent of the user passwords would pass as valid passwords on its other sites, hence most users day-to-day passswords were likely not compromised.

It does apologize, though, for the inconvenience, writing:

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products.  We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised.

Multiple military and government email addresses were found among the users with leaked passwords.

Sources: d33ds co., TrustedSec, TechCrunch

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Not really lost...
By YashBudini on 7/13/2012 7:57:33 AM , Rating: 2
Like pirated music, if the usernames and passwords were any good, the hackers surely would have paid for them.

So if someone else hacked them and sold them for a profit then they'd be worth something? Really?

RE: Not really lost...
By lightfoot on 7/13/2012 11:48:49 AM , Rating: 3
It's a BS line when people claim that pirating music isn't stealing. Just as these hackers stole these usernames and passwords from Yahoo. It's just that Yahoo was stupid enough to leave them lying about almost completely unprotected.

The fact that Yahoo wasn't deprived of anything doesn't mean it wasn't a theft. My previous post was, apparently, a too-subtle joke.

However I wouldn't be surprised in the least if Yahoo regularly sold usernames and passwords to 3rd parties, and that would not have been considered a theft.

RE: Not really lost...
By YashBudini on 7/13/2012 1:57:21 PM , Rating: 2
The fact that Yahoo wasn't deprived of anything doesn't mean it wasn't a theft.

The fact that Yahoo doesn't place any value on their reputation doesn't mean none exists. And no matter how bad it was, it can always become worse.

I'm deleting my Yahoo account so it doesn't become a launching pad for more spam. The fewer subscribers they have the less they'll earn from advertising.

RE: Not really lost...
By DalisMoustache on 7/13/2012 3:06:54 PM , Rating: 3
As is common with people on the wrong side of the infringement debate your analogy is grossly distorted to the point of being deceitful. A password that has been taken and used or distributed by someone without permission permanently deprives the owner of something extraordinarily valuable: security. The original owner’s password has been rendered worthless to the original owner, and the original owner must create a new one to have anything of value.

Copyright infringement does none of this.

"Well, there may be a reason why they call them 'Mac' trucks! Windows machines will not be trucks." -- Microsoft CEO Steve Ballmer

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
Snapchat’s New Sunglasses are a Spectacle – No Pun Intended
September 24, 2016, 9:02 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki