
Hackers say data was posted as a warning

It's Sony Corp. (TYO:6758) all over again!  

Hackers with "D33ds Company" have posted 453,000 passwords from Yahoo! Inc.'s (YHOO) Voices, a part of its news service. Bafflingly, Yahoo administrators apparently opted for no encryption of the passwords, storing them in plain text.

Hackers scooped up the passwords using SQL injection, according to TrustedSec.

The hackers write on their text dump:

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.  There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.

They were at least kind enough not to publish details of how they penetrated Yahoo's servers.

Some of the 453,000 compromised accounts. [Image Source: TrustedSec]

Yahoo insists that it's not that big a deal, saying that only 5 percent of the user passwords would pass as valid passwords on its other sites, hence most users' day-to-day passwords were likely not compromised.

It does apologize, though, for the inconvenience, writing:

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users' accounts may have been compromised.

Multiple military and government email addresses were found among the users with leaked passwords.

Sources: d33ds co., TrustedSec, TechCrunch

Comments


RE: was I on the list ...
By Cypherdude1 on 7/13/2012 7:10:28 PM , Rating: 3
pretty much. Their portal has become a bloated mess and quite lag prone, not to mention spammers have been able to send their garbage to me without having posted my yahoo mail address. Ever.
I also use Yahoo! eMail for spam. Occasionally, Yahoo! does have service problems. However, for the most part, they work OK. It could be because I am using their "Classic" interface.
Too bad they removed the link, would be nice to check if I'm in it.
D33DS did NOT remove their link or file. They are simply overloaded. I got their file below. You must have both a .GZ and .TAR archive extractor to extract the file. D33DS archived their "yahoo-disclosure.txt" file inside both a .TAR archive and then inside a .GZ file. I recommend the free 7-ZIP utility.
Due to the high traffic on our server,
the file has been moved (mirrored+compressed).

[Mirrors - Official]

If you would like to donate/help with our hosting

RE: was I on the list ...
By heffeque on 7/14/2012 3:35:13 PM , Rating: 2
I'm posting here just to say... "MERCADONA"


Best password ever. Mercadona will conquer the entire world!
