Yahoo Loses 453,000 User Passwords to Hackers
July 12, 2012 4:45 PM
comment(s) - last by
Hackers say data was posted as a warning
) all over again!
Hackers with "D33ds Company" have posted 453,000 passwords from Yahoo! Inc.'s (
) Voices -- a part of its news service. Bafflingly, Yahoo administrators apparently opted for no encryption of the passwords, storing them in plain-text.
Hackers scooped up the passwords using
The hackers write on their text dump:
We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.
They were at least kind enough not to publish details of how the penetrated Yahoo's servers.
Some of the 453,000 compromised accounts. [Image Source: TrustedSec]
Yahoo insists that it's not that big a deal, saying that only 5 percent of the user passwords would pass as valid passwords on its other sites, hence most users day-to-day passswords were likely not compromised.
It does apologize, though, for the inconvenience,
At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised.
Multiple military and government email addresses were found among the users with leaked passwords.
This article is over a month old, voting and posting comments is disabled
RE: was I on the list ...
7/13/2012 10:09:13 AM
It would have been nice to check, I've already changed mine, but again, only use it for spam.
But I don't buy the hackers BS line about a wake up call to Yahoo. They could have grabbed the info and not posted it, but instead they want to potentially hurt other users. I have no problem with "security researchers" who can compromise a system and then let the company and public know. But by dumping proprietary info onto the internet, they're now aholes. Track them down and prosecute.
RE: was I on the list ...
7/13/2012 10:41:28 AM
pfff, you think that any of these companies will listen to somebody sending them a polite little email informing them of their own incompetence? The only thing most big tech corporations respond to in the way of security is public embarrassment.
Bottom line is that Yahoo is the one who posted the passwords by storing them in plain text.
"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton
Nokia is the Victim of SQL Injection, Loses Developer Records
August 29, 2011, 8:37 AM
LulzSec Strikes Again, 1M Sony Pictures User Accounts Compromised
June 2, 2011, 6:27 PM
Amazon's New "Pantry" Service to Compete with Costco, Sam's Club
December 13, 2013, 11:26 AM
Quick Note: Former Googler Becomes Director of U.S. Patent and Trademark Office
December 12, 2013, 10:42 AM
AT&T Launches U-verse with GigaPower Network in Austin, Texas
December 11, 2013, 5:14 PM
Harlem to Receive U.S.' Largest Free Wi-Fi Network
December 11, 2013, 11:48 AM
Google's First Asian Data Centers Now Operational
December 11, 2013, 8:50 AM
Seattle's High-Speed Internet Rollout Delayed Due to Financial Issues
December 10, 2013, 12:14 PM
Most Popular Articles
Experts: Masturbation Prevents Cancer, Diabetes, Insomnia, and Depression
December 6, 2013, 2:01 PM
Report: Windows 8.2 Revives Start Menu, Runs Metro Apps in Desktop Mode
December 10, 2013, 2:56 PM
Hackers Nab 2 Million Login Credentials from Facebook, Gmail, Twitter
December 5, 2013, 1:00 PM
Houses Passes "Anti-Troll" Innovation Act With Pro-Apple, Microsoft Edits
December 9, 2013, 8:55 PM
Thieves Steal Truck with Cobalt-60 Onboard in Mexico, Will Die "Without a Doubt" from Exposure
December 5, 2013, 12:04 PM
Latest Blog Posts
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
Global Cyber Espionage Concerns Reveal Growing Cyber Armies
Nov 29, 2013, 11:04 AM
Is The Period Becoming an Expression of Anger?
Nov 26, 2013, 2:02 PM
NSA and Congress -- You Will Never Kill the Constitution, It's an Idea
Nov 10, 2013, 2:00 PM
AT&T Explores $100B+ USD Deal to Acquire Vodafone's European Operations
Nov 4, 2013, 7:34 AM
More Blog Posts
Copyright 2013 DailyTech LLC. -
Terms, Conditions & Privacy Information