Up to the Minute

"Hackers Spill More than 450,000 emails/passwords"

No Cute Posted By No Cute Posted Jul 12, 2012

  1. Hackers Spill More Than 450,000 Email Addresses And Passwords, Blame A Yahoo! Database Vulnerability

    + Comment now


    blogs-images.forbes.com/andygreenberg/files/2012/07/Screen-Shot-2012-07-12-at-2.28.50-AM.pngTo repurpose an ancient advertising slogan: Do you Yahoo? Then you may want to change your account’s password, along with that of any other services that use the same one, following a public breach of more than 450,000 users’ details from one of Yahoo!’s databases late Wednesday night.

    Hackers calling themselves the D33Ds Company published the list of unencrypted emails and passwords on the Web with a message explaining that they’d been taken from a unnamed Yahoo! service using a SQL injection vulnerability, a technique that can sneak commands into a website’s input fields to trick it into coughing up data from a back-end database. The security firm TrustedSec claims that it’s linked the stolen data with the Yahoo! Voice service.

    According to a count by DataLossDB, the collection of leaked email addresses includes 136,000 Yahoo! mail addresses, 106,000 Gmail addresses, and 54,000 Hotmail addresses. Though it’s not exactly clear what Yahoo! service the passwords linked with those accounts in the hacker’s dump can be used for, they may give access to the listed email addresses in many cases where the user re-uses passwords between services.

    D33Ds Company claimed in its note that the hack was intended to warn Yahoo! about similar vulnerabilities in its sites–a dubious notion given the potentially massive privacy violation their stunt represents. “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” reads D33Ds Company’s message. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

    The message also includes a quote from Canadian philosopher Jean Vanier: “Growth begins when we begin to accept our own weakness.”




    My work email was among the hacked. Everyone should change passwords immediately!
     
  2. Wow this is scary! How do you know your account is hacked?
     
  3. Got an email from IT at work. I don't even have a yahoo account that I am aware of, but my work email/pw was published. I guess when it came out, if I knew where to look, I could have seen my stuff. Grateful I got notified.

    I say, with or without being part of the hacking, a password change is a good idea right now for everyone.
     
  4. Thanks. It's people like these that fk it up for everybody. How annoying. I just changed my passwords a few weeks ago and now I have to do it again.
     
  5. Is there a way to find out if your email was affected?
     
  6. ahhhh i hate changing the password on my email. screws up so many things.. and then i'm worried i'm going to forget it. :sad: i've already changed that password so many times!