Yahoo could well be in some serious bother, if the claims of a hacking group are true.
The group, D33DS, claims to have hacked into Yahoo’s servers (via SQL Injection) and stripped no less than 450,000 user names and passwords. These apparently pertain to Yahoo Voices accounts, and unfortunately, it seems the passwords were unencrypted, and were pilfered in plain text form.
We should stress that Yahoo hasn’t confirmed this breach, though, so we need to hear an official admission before it’s certain that the hack has hit Yahoo Voices users.
However, it would be a prudent measure for Voices members to change their passwords, and any other accounts for which they’ve duplicated that password (although you should avoid duplicating passwords for precisely this reason).
D33DS poured scorn over Yahoo’s lax security, and said the attack was a wake-up call for the company.
According to Sophos Security, the group issued a statement which read: “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.”
Yahoo is currently investigating the incident, and we’d imagine we’ll hear an official statement on the matter later today.
Hacking attacks are certainly on the up, this year and last. Indeed, last month saw an even bigger spillage by LinkedIn, which was fleeced of over 6 million passwords (although those were encrypted, and the social network has since strengthened its security).