Industry News

Hackers Spill 453,000 Yahoo Credentials on the Internet

Attackers allegedly exposed 453,000 Yahoo credentials, posting them on hacker site D33D Company as plain text. The compromised server was likely Yahoo! Voice, formerly known as Associated Content, as first reported by TrustedSec.

Hackers got into the Yahoo subdomain using a union-based SQL injection technique that pumps in newly formed database commands, dumping the database contents to the attacker.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” read the message at the end of the dump. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

The dump includes 54,000 Hotmail addresses, 106,000 from Gmail customers, and 136,000 from Yahoo! users, according to a DataLossDB analysis. Of the credentials exposed, 342,509 are unique.

The exposure comes shortly after a series of apparently unrelated LinkedIn, eHarmony, and Last.fm password breaches which made more than 8 million credentials vanish in one go. Also, social media network Formspring has just discovered 420,000 hashed passwords exposed on a security forum.

Yahoo hasn’t commented on the alleged breach.

About the author

Bianca STANESCU

Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story. She's the industry news guru, who'll always keep a close eye on the AV movers and shakers and report their deeds from a fresh new perspective. Proud mother of one, she covers parental control topics, with a view to valiantly cutting a safe path for children through the Internet thicket. She likes to let words and facts speak for themselves.

5 Comments

Click here to post a comment