A hacker group has broken into one of the servers of the popular Internet company Yahoo and downloaded login credentials of more than 450,000 users. The hacked data was posted online on Wednesday.
The hacker group which calls itself D33DS Company, hacked into an unidentified subdomain of Yahoo’s website, where they obtained unencrypted account details. The hackers said that they have used a “union-based SQL injection” technique to penetrate the subdomain of Yahoo.
The hackers commented at the bottom of the posted data, “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
Passwords are generally ‘hashed’ using cryptography techniques to prevent hacking attacks. But in this case, the stolen passwords were stored in plain text without using hashing functions, which seemed to be the great security issue.
The hackers’ website d33ds.co, where the stolen data was posted, was not available from Thursday. The site was registered in February.
According to a TrustedSec report, the affected subdomain seemed to belong to a VOIP (voice-over-Internet Protocol) service called Yahoo Voices. The posted data included the host name dbb1.ac.bf1.yahoo.com, which appeared to have associated with the Yahoo Voices platform.
Yahoo confirmed the attack and said, “At Yahoo! We take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised.”
An analysis of the cracked passwords, by CNET, revealed that numbers like ‘12345’ were used 2,295 times and ‘password’ was used 780 times out of the total 450,000 passwords.
i have checked mine and still safe.
for everyone check your pass by search at google : "your password"
i got my twitter password shared by hacker at hacker forum
be careful, change your password periodic
I am still secure. Hope to would be. But i would like to know there is any way to protect yahoo password.
I read your article, that was simple and good….
Incredible work on this follow up blog. You’ve really poured your heart into these blogs!
It is rare for me to find something on the cyberspace that’s as entertaining and fascinating as what you’ve got here. Your page is lovely, your graphics are outstanding, and what’s more, you use source that are relevant to what you are talking about. You are certainly one in a million, well done!
True saying. One must check the passwords time to time.
Great amazing issues here. I am very glad to see your article. Thanks a lot and i am taking a look forward to touch you. Will you please drop me a mail?