Friday, July 13, 2012

Yahoo Hacked 13 July 2012

Yesterday (12 July 2012) a hacker group D33ds Company claimed responsibility for attacking a Yahoo service via a union-based SQL injection and exposing 453,492 plain text login credentials. And today Yahoo confirms that its 400, 000 accounts are hacked.

The published credentials apparently belong to Yahoo!'s VoIP service, Yahoo! Voices, which runs on Yahoo!'s instant messenger. However, D33ds did not reveal the service the credentials came from. The group said it wasn't disclosing that information because it wanted to avoid further damage. What's more, according to a D33d's statement posted to PC World, the attack was supposed to be a wake up call, and not a threat.

The hack happened Wednesday, according to Yahoo, and involved a file that contained old user information for the Yahoo Contributor Network service. The Yahoo Contributor Network is a publication tool that lets users contribute content to Yahoo and potentially earn money doing so. Only about 5% of the accounts still had valid passwords, Yahoo said.
"We apologize to affected users," the company said in an email statement. "We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at"

A hacker group called D33D claimed it was responsible for the attack and said it hoped Yahoo and the others involved would see this as a wake-up call rather than a threat.
The top five passwords in the stolen batch were "123456," "password," "welcome," "ninja" and "abc123," said David Harley, senior research fellow at security firm ESET.


No comments:

Post a Comment