Yahoo hacked for 450,000 passwords

Another major internet firm hit by a hacking attack
Adam Smith

July 12, 2012

Yahoo could well be in some serious bother, if the claims of a hacking group are true.

The group, D33DS, claims to have hacked into Yahoo’s servers (via SQL Injection) and stripped no less than 450,000 user names and passwords. These apparently pertain to Yahoo Voices accounts, and unfortunately, it seems the passwords were unencrypted, and were pilfered in plain text form.

We should stress that Yahoo hasn’t confirmed this breach, though, so we need to hear an official admission before it’s certain that the hack has hit Yahoo Voices users.

However, it would be a prudent measure for Voices members to change their passwords, and any other accounts for which they’ve duplicated that password (although you should avoid duplicating passwords for precisely this reason).

D33DS poured scorn over Yahoo’s lax security, and said the attack was a wake-up call for the company.

According to Sophos Security, the group issued a statement which read: “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.”

Yahoo is currently investigating the incident, and we’d imagine we’ll hear an official statement on the matter later today.

Hacking attacks are certainly on the up, this year and last. Indeed, last month saw an even bigger spillage by LinkedIn, which was fleeced of over 6 million passwords (although those were encrypted, and the social network has since strengthened its security).

Samsung Galaxy S3

Post a comment

Your email address will not be published. Required fields are marked *


Visited 2889 times, 3 so far today