450k Voice Passwords Breached Confirmed by Yahoo
450000 login details were posted online from a group of hackers called D33ds they claimed that all these details came from an un identified Yahoo service and they obtained it through the traditional method of SQL injection. The worst thing is that all the log in credentials were posted on their official website (d33ds.co) but the site went down.
First it was linkedIn now its Yahoo, Hackers are gone wild in 2012. If you are a Yahoo voice's user here is a peice of advice for you, Go change your password right now, We are waiting for your right here because if you don't there is a great possibilty that your information will leak and yeah do change the passwords of all the other services you are using which are connected with your Yahoo voice id.
Yahoo confirmed the whole scene and gave a statement which is as follows:
"An older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised yesterday, Of these, less than 5% of the Yahoo! accounts had valid passwords. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com."
The 450k usernames and passwords were publically posted on internet. Most of the websites went down due to this but the files can still be downloaded from torrents. The worst parted is all the credentials posted were not even encrypted. Just plain text revealing the info.
There is one more bad news for Yahoo voice users, Hackers got access to the complete database not just the username and the password but also name, phone number, address, bio, education details and much more about the 450k users, you can't change everything.
Now lets see what the hacker group has to say about this, D33ds says "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," Well now its completly upto you what do you want to believe and how you protect your personal information online
Sql injection is now one of most popular method of hacking. Is your website safe? Learn: How To Protect Your Website Against SQL Injection
About The Author:
Amin Motiwala is a blogger and a student at the same time . His current obsessions are mastering Android and Web Development. He blogs at eColumns