Hackers expose 453,000 Yahoo accounts

by Mark Tyson on 12 July 2012, 21:41

Tags: Yahoo! (NASDAQ:YHOO)

Quick Link: HEXUS.net/qabjlb

Add to My Vault: x

There were reports earlier today about 453,000 Yahoo passwords being stolen. The password and username data was stored as plain text within an SQL database and extracted by a hacker group called D33Ds Company. The hackers said they went public with the usernames and passwords to highlight weaknesses in Yahoo security. Tonight Yahoo has confirmed the security breach, saying that only a few of the leaked stolen passwords are valid.

Yahoo say an “old” file from the Yahoo Contributor Network was compromised. As it is a content sharing platform many user names and passwords were from Yahoo services and others such as Gmail, Hotmail etc. The company says it will fix the vulnerabilities, change affected user passwords and notify those users. Yahoo apologised for the breach, in a statement it said “We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com”.

D33Ds Company says it obtained the user login details using an SQL injection technique which is a commonly used attack by hackers trying to extract data from vulnerable servers. “Take this as a wake-up call” declared the hacking group.

A partially erased screenshot of the user:pass list published by D33Ds Company

Security focused website TrustedSec said it is highly alarming that Yahoo chose to store the 453,000 passwords in a completely unencrypted form. As I write the D33Ds Company website seems to have collapsed under the throng of visitors, either that or some authority has made it unavailable for now.

As for who is and who is not affected, TrustedSec recommend all Yahoo users change their passwords immediately. However Yahoo said less than five per cent of the released details were currently valid. C|net has a list of the top 20 domains/passwords compromised by the D33Ds Company disclosure. If you have user accounts with any of those services it may be worth updating passwords there too. However it seems to me that you must have signed up for the Yahoo Contributor Network at some point to be on the leaked 453,000 user list.



HEXUS Forums :: 25 Comments

Login with Forum Account

Don't have an account? Register today!
oh joy…
Another nail in the Yahoo coffin.
Have i missed something or has this piece of turd group actually released the details in full (i.e not with half of it blurred, did you add this? ). If they did just throw it out well they will end up with a swift punch in the face if i ever meet them, im fed up with little groups like this that think its cool or they're doing people a favour, they arent doing anything good… a wake up call yeah flipping right, if you wanted to give yahoo a wake up call you would have sent them all these details NOT thrown them on the web to hurt CONSUMERS/THE FRACKING PUBLIC.

These people are bloody retards, oh yeah lets gain access to peoples accounts and credit details and release them to public to shove it to the big corporations, instead they make hassle for the public and have basically got spam bots and other **** things selling their credit details etc.

never signed up with yahoo so shouldnt effected but still makes my blood boil, flipping pricks.
It's completely laughable and unacceptable that any company should hold passwords in plaintext, let alone one as huge as Yahoo. It's not exactly rocket science!
my email wasnt on it, and yes email:password.

best to follow the link in the pic and check if your one of them.

and yes the day i meet someone who admits to releasing stuff like this will get a thumb in each eye.