Attackers allegedly exposed 453,000 Yahoo credentials, posting them on hacker site D33D Company as plain text. The compromised server was likely Yahoo! Voice, formerly known as Associated Content, as first reported by TrustedSec.
Hackers got into the Yahoo subdomain using a union-based SQL injection technique, which appends attacker-crafted database commands to a legitimate query so that the database returns its contents to the attacker.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” read the message at the end of the dump. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
The dump includes 54,000 Hotmail addresses, 106,000 from Gmail customers, and 136,000 from Yahoo! users, according to a DataLossDB analysis. Of the credentials exposed, 342,509 are unique.
The exposure comes shortly after a series of apparently unrelated LinkedIn, eHarmony, and Last.fm password breaches that leaked more than 8 million credentials in one go. In addition, social media network Formspring has just discovered 420,000 hashed passwords exposed on a security forum.
Yahoo hasn’t commented on the alleged breach.
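The union-based injection and plain-text exposure described above, shown from the defender's side as an added example (not code from Yahoo or from the original report): the table names, the `lookup_*` and `hash_password` functions and every sample value are constructed assumptions. It contrasts a concatenated query with a parameterized one against an in-memory SQLite database whose users table holds a salted hash instead of the password.

```python
import hashlib
import os
import sqlite3

PLAINTEXT = "constructed-password"  # constructed sample value
# Constructed request value of the kind the article describes.
CRAFTED = "0 UNION SELECT email, pw_hash FROM users"


def hash_password(password, salt):
    # Salted, deliberately slow hash: a dumped row never holds the plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000).hex()


def build_db():
    """Constructed in-memory database: public articles plus a users table."""
    salt = os.urandom(16)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("CREATE TABLE users (email TEXT, salt BLOB, pw_hash TEXT)")
    db.execute("INSERT INTO articles VALUES (1, 'Hello', 'First post')")
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice@example.test", salt, hash_password(PLAINTEXT, salt)))
    return db


def lookup_vulnerable(db, article_id):
    # The request value is pasted into the SQL text, so it can change the
    # statement's structure and pull rows from a second table.
    sql = "SELECT title, body FROM articles WHERE id = " + article_id
    return db.execute(sql).fetchall()


def lookup_parameterized(db, article_id):
    # Placeholder binding: the value is only ever data, never SQL syntax.
    sql = "SELECT title, body FROM articles WHERE id = ?"
    return db.execute(sql, (article_id,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("concatenated :", lookup_vulnerable(db, CRAFTED))
    print("parameterized:", lookup_parameterized(db, CRAFTED))
    print("normal       :", lookup_parameterized(db, "1"))
```

With the concatenated query the crafted value returns the users row; with the bound parameter it matches no article and returns nothing, and in either case the stored value is a salted hash rather than the password.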
Really an interesting piece of news
Won’t know why Yahoo still exists; it is the unsafe web portal
Thanks for this news
Cheers Life
Hare Krishna