Hackers Spill More Than 450,000 Email Addresses And Passwords, Blame A Yahoo! Database Vulnerability + Comment now blogs-images.forbes.com/andygreenberg/files/2012/07/Screen-Shot-2012-07-12-at-2.28.50-AM.pngTo repurpose an ancient advertising slogan: Do you Yahoo? Then you may want to change your account’s password, along with that of any other services that use the same one, following a public breach of more than 450,000 users’ details from one of Yahoo!’s databases late Wednesday night. Hackers calling themselves the D33Ds Company published the list of unencrypted emails and passwords on the Web with a message explaining that they’d been taken from a unnamed Yahoo! service using a SQL injection vulnerability, a technique that can sneak commands into a website’s input fields to trick it into coughing up data from a back-end database. The security firm TrustedSec claims that it’s linked the stolen data with the Yahoo! Voice service. According to a count by DataLossDB, the collection of leaked email addresses includes 136,000 Yahoo! mail addresses, 106,000 Gmail addresses, and 54,000 Hotmail addresses. Though it’s not exactly clear what Yahoo! service the passwords linked with those accounts in the hacker’s dump can be used for, they may give access to the listed email addresses in many cases where the user re-uses passwords between services. D33Ds Company claimed in its note that the hack was intended to warn Yahoo! about similar vulnerabilities in its sites–a dubious notion given the potentially massive privacy violation their stunt represents. “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” reads D33Ds Company’s message. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.” The message also includes a quote from Canadian philosopher Jean Vanier: “Growth begins when we begin to accept our own weakness.” My work email was among the hacked. Everyone should change passwords immediately!