backtop


Print 27 comment(s) - last by leviathan05.. on Jul 16 at 4:34 PM

Hackers say data was posted as a warning

It's Sony Corp. (TYO:6758) all over again!  

Hackers with "D33ds Company" have posted 453,000 passwords from Yahoo! Inc.'s (YHOO) Voices -- a part of its news service.  Bafflingly, Yahoo administrators apparently opted for no encryption of the passwords, storing them in plain-text.

Hackers scooped up the passwords using SQL injection, according to TrustedSec.

The hackers write on their text dump:

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.  There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.

They were at least kind enough not to publish details of how the penetrated Yahoo's servers.

compromised passwords
Some of the 453,000 compromised accounts. [Image Source: TrustedSec]

Yahoo insists that it's not that big a deal, saying that only 5 percent of the user passwords would pass as valid passwords on its other sites, hence most users day-to-day passswords were likely not compromised.

It does apologize, though, for the inconvenience, writing:

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products.  We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised.

Multiple military and government email addresses were found among the users with leaked passwords.

Sources: d33ds co., TrustedSec, TechCrunch



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Interesting analysis of the passwords
By leviathan05 on 7/13/2012 8:41:14 AM , Rating: 1
I don't use a very secure password on my spam email account. If hackers want to break in and see all of the spam mail I've racked up over the years, they're welcome to it. Anybody who uses yahoo as their primary email is just asking for trouble.


RE: Interesting analysis of the passwords
By mindless1 on 7/13/2012 1:52:22 PM , Rating: 2
What they will do is use your spam email account to SEND spam.


By CZroe on 7/15/2012 7:40:54 AM , Rating: 2
THIS, except that Yahoo Voices != Yahoo Mail.


RE: Interesting analysis of the passwords
By leviathan05 on 7/16/2012 10:11:02 AM , Rating: 2
Send spam to whom? I have no contacts.


RE: Interesting analysis of the passwords
By CZroe on 7/16/2012 10:30:54 AM , Rating: 2
You clearly have no idea how spamming works. They don't want your account to spam your contacts. They want your account to get around roadblocks so that they can spam the world with the "contacts" they already have. You may not care about your account's security but we could all be suffering for it.


By leviathan05 on 7/16/2012 4:34:02 PM , Rating: 2
Clearly you don't understand that it takes a lot more effort to try and steal my account info than it does to create a new email address at Yahoo.


"If a man really wants to make a million dollars, the best way would be to start his own religion." -- Scientology founder L. Ron. Hubbard














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki