Yahoo! Voice Compromised, 450K Login Credentials Stolen & Posted In Plain Text
After LinkedIn, eHarmony and Formspring here comes another big fish, guess who ?? Its one of the widely used web search engine - Yahoo! A list of over 453,491 email addresses and plain-text passwords, in a document named "Owned and Exposed" apparently from users of a Yahoo! service, is in circulation on the internet. According to security expert and former hacker and well known security expert Kevin Mitnick, the passwords belong to the little-known VoIP service, Yahoo! Voice. The information is contained in a 17MB text file and has been released by a group of hackers calling themselves the D33DS Company. Access to the original information is said to have been achieved through use of an SQL injection vulnerability, where databases are accessed through inadequately filtered parameters passing through the web front end. Whether the passwords were originally stored as plain text in the database or if the hackers had already cracked hashed passwords to produce the file is unclear.
The original D33ds site that posted the login credentials (d33ds.co) was down as of early Thursday morning; however, the text file is available through torrents and sites such as Media Fire.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the D33ds group said in the text file containing the leaked credentials. The group said it did not reveal which Yahoo service the hacked credentials came from “to avoid further damage.”
Yahoo confirmed it was hacked and provided the following statement:-
“An older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised yesterday, Of these, less than 5% of the Yahoo! accounts had valid passwords. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com."
While looking at the current scenario we strongly advise you to change your Yahoo! passowrds immediately & also set a strong password in an alpha-numeric combination. Enjoy reading Voice of Greyhat & stay safe and happy on the Internet.
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
cyber-crime
,
NEWS
,
ROT
,
security-news
,
vulnerablity
