Keep up with the news by installing RT’s extension for . Never miss a story with this clean and simple app that delivers the latest headlines to you.

 
search
section

Hackers expose login details of 400,000 Yahoo! users

Published time: July 12, 2012 12:58
Edited time: July 12, 2012 20:37
Reuters/Albert Gea

Tags

Crime, Internet

The security details of almost half a million internet users have been compromised, after hackers posted what appear to be login credentials to online accounts. Yahoo has confirmed the security breach.

The material was posted by a hacking collective known as D33Ds Company, according to Ars Technica. The group said in a statement at the bottom of the data that they used a technique known as a union-based SQL injection, which preys on poorly-secured web applications.

The hackers claim the information was gathered from a service on the Yahoo network.

The subdomain may to belong to Yahoo Voices, a contribution service which allows user-generated content to be published online, according to security firm Trusted Sec.

The method attacks sites that do not properly examine text which is entered into search boxes and other input fields. Hackers then inject database commands which trick servers into sharing large amounts of sensitive information.

Experts say the passwords were not encrypted – making them vulnerable for any hacker to immediately gain access to online accounts.

Members of D33Ds say they intend the hack to be used as a “wake-up call.”

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," the hackers said in their statement. "There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.”

The latest entries in the information appear to be from accounts created in 2006, which may imply the data is old, or no longer in use.

Android Forums and Formspring were attacked at the same time. They encrypted the passwords that they stored, although there is still a possibility that they could be cracked.

Users are being encouraged to change their passwords immediately, and to check whether they used the same login details for other online services.

It is not yet known whether the three attacks are linked.

Comments (4)

Jeremy (unregistered) 13.07.2012 00:39

JJ (unregistered) wrote in #1 Did you know when you type things in your email like "Oh my sister justhad a baby", then you will see ads for baby stuff in your Yahoo, yeah.  So really Yahoo is already hacking you by filtering the words you type to snoopon you.  I mean be serious, it's like free email, what do you expect.  Get wiseand just PAY MONEY for an email account, oh and buy the name and allthat it's cheap.  Cause these days, everyone is snooping on you if you're usingsomething that's free.  Oh RT We LOVE YOU, CNN HITS 21 YEARRATINGS LOW!  AND CNN POSTS WORST QUARTER IN 21 YEARS!   Guess people just get sick of reading propaganda.  ---- I totally agree with you JJ, Yahoo is a joke, and CNN. Has almost no credibility; I hope both go bankrupt and are shut down.

+2

Undo

Bad done (unregistered) 12.07.2012 17:45


Those hackers are a disgrace and traitors to the hacker community. The purpose of hacking is to gain advantage of the enemy and undermine him. What they have done is informing them and let the enemy know. And do you know why they have done that? because they are stupid script kiddies. SQL injection is for retarded. I am pretty sure they can't code at all. All they do is insert some ' or some ; -- drop table and see what happens and they do that by trial and error on tens of thousands of websites. There is no art or skill in there.

As per the yahoo incompetents, I cant believe it! That website must have been developed 10 years ago, not even the worst retarded would miss a SQL injection today

0

Undo

weisz (unregistered) 12.07.2012 16:24

Is the American Industry relying on the below people for IT work ! You will be more surprised to know that Indian software IT companies encourage its workers in office rave parties, many software IT office drain pipes are clogged with rubbers. Even Vizag IT area was in news due to drain clogging with rubbers, due to night shifts, many indulge in such activities in office and also nearby lake 'durgam cheruvu' in hitech city cyberabad. Many genetic material can be found on keyboards too apart from office floors.

0

Undo

View all comments (4)
Add comment

By posting your comment, you agree to abide by our Posting rules

Log in to comment in full, or comment anonymously under character-limit restriction.

100 Text

– required fields

Register or

Name

Password

Show password

Register

or Register

Request a new password

Send

or Register

To complete a registration check
your Email:

or Register

A password has been sent to your email address

Edit profile

Name

New password

Retype new password

Current password

Save

Cancel
Where to watch Schedule

Follow us

Recommended

Internet D-Day: FBI unplugs thousands of malware victims 5

Blackout looming: Thousands to lose Internet access as FBI shuts down servers 16

Free cyberspace: Netizens propose new Internet Freedom Declaration 7

Lost in translation: Anonymous hacks Japanese government…almost 10

© Autonomous Nonprofit Organization “TV-Novosti”, 2005–2013. All rights reserved.