Yahoo Hacked….. 450K Logins Posted….. Time To Wake Up Says Hackers [UPDATED]

News.com is reporting that Yahoo has had an epic hack. And those how did the hack sent a message on the tail end of the hack:

The hacked data, posted to the hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer’s network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, intended the data dump to be a “wake-up call.”

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers said in a comment at the bottom of the data. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

The subdomain in question is Yahoo Voice. Here’s what Yahoo had to say:

Yahoo confirmed that it is looking into the matter. “We are currently investigating the claims of a compromise of Yahoo! user IDs,” it said in a statement, according to the BBC. The company also told the BBC that it was unclear which portion of its network was affected, after first having said the problem originated at Yahoo Voice.

If this is the case, and it looks like it is, then the Yahoo’s of the world need to tidy up their security. Clearly if this group, or any group for that matter, can get this info, then security on the web is in need of serious improvement.

UPDATE: Yahoo has confirmed that the usernames and passwords of more than 400,000 accounts were stolen from their servers earlier this week and that data was briefly posted online. The information has since been removed but it wasn’t just credentials for Yahoo, but also Gmail, AOL, Comcast, Hotmail, MSN, SBC Global, BellSouth, Verizon and Live.com as well. Yikes! If you are now paranoid about the security of your Yahoo account, you can use this to check to see if you’re one of the unlucky 400,000.

Leave a Reply

%d bloggers like this: