450,000 Credentials Stolen and Posted from Yahoo
Posted by aonenetworks On July 13, 2012Hackers who recently stole nearly half a million pieces of information from Yahoo said they intended for the breach to be a “wake-up call” to companies that aren’t investing enough in security.
D33D Company, one of the largest hacking websites on the Web, reports that the hackers used a union-based SQL technique to invade a high-traffic Yahoo subdomain. “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers wrote at the bottom of the data post. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
The data was stolen from a subdomain that belongs to Yahoo Voices – the hackers didn’t remove the hostname from the posted data. Dbb1.ac.bf1.yahoo.com is a host name that appears to only be associated with the Yahoo Voices platform, also known as Associated Content.
Currently, Yahoo says they are looking into the matter carefully. According to a statement on BBC’s website, Yahoo is “currently investigating the claims of a compromise of Yahoo! User IDs,” and continued by saying that they were unsure where the breach was and what portion of usernames were affected.
Password security has become of utmost importance in the past few weeks. Less than two months ago, 8 million passwords and usernames were posted from LinkedIn, eHarmony, and Last.fm. The passwords ranged from “12345” to “startrek”. Earlier this week, Formspring disabled the passwords of every single user because some 420,000 hashed passwords had been posted to a security forum the day before.
Photo Credit: Brian Leary