Visit our 2014 Holiday Gift Guides
Home > >

"Hackers Spill More than 450,000 emails/passwords"

POST A REPLY
 
Thread Tools
Jul 12, 2012, 10:20pm   #1
No Cute's Avatar
Thread Starter
No Cute
cupcake butt
Hackers Spill More Than 450,000 Email Addresses And Passwords, Blame A Yahoo! Database Vulnerability

+ Comment now


blogs-images.forbes.com/andygreenberg/files/2012/07/Screen-Shot-2012-07-12-at-2.28.50-AM.pngTo repurpose an ancient advertising slogan: Do you Yahoo? Then you may want to change your account’s password, along with that of any other services that use the same one, following a public breach of more than 450,000 users’ details from one of Yahoo!’s databases late Wednesday night.

Hackers calling themselves the D33Ds Company published the list of unencrypted emails and passwords on the Web with a message explaining that they’d been taken from a unnamed Yahoo! service using a SQL injection vulnerability, a technique that can sneak commands into a website’s input fields to trick it into coughing up data from a back-end database. The security firm TrustedSec claims that it’s linked the stolen data with the Yahoo! Voice service.

According to a count by DataLossDB, the collection of leaked email addresses includes 136,000 Yahoo! mail addresses, 106,000 Gmail addresses, and 54,000 Hotmail addresses. Though it’s not exactly clear what Yahoo! service the passwords linked with those accounts in the hacker’s dump can be used for, they may give access to the listed email addresses in many cases where the user re-uses passwords between services.

D33Ds Company claimed in its note that the hack was intended to warn Yahoo! about similar vulnerabilities in its sites–a dubious notion given the potentially massive privacy violation their stunt represents. “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” reads D33Ds Company’s message. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

The message also includes a quote from Canadian philosopher Jean Vanier: “Growth begins when we begin to accept our own weakness.”




My work email was among the hacked. Everyone should change passwords immediately!
Jul 20, 2012, 12:32am   #2
l
lightdays
Break from tPF
Originally Posted by No Cute
Hackers Spill More Than 450,000 Email Addresses And Passwords, Blame A Yahoo! Database Vulnerability

+ Comment now


blogs-images.forbes.com/andygreenberg/files/2012/07/Screen-Shot-2012-07-12-at-2.28.50-AM.pngTo repurpose an ancient advertising slogan: Do you Yahoo? Then you may want to change your account’s password, along with that of any other services that use the same one, following a public breach of more than 450,000 users’ details from one of Yahoo!’s databases late Wednesday night.

Hackers calling themselves the D33Ds Company published the list of unencrypted emails and passwords on the Web with a message explaining that they’d been taken from a unnamed Yahoo! service using a SQL injection vulnerability, a technique that can sneak commands into a website’s input fields to trick it into coughing up data from a back-end database. The security firm TrustedSec claims that it’s linked the stolen data with the Yahoo! Voice service.

According to a count by DataLossDB, the collection of leaked email addresses includes 136,000 Yahoo! mail addresses, 106,000 Gmail addresses, and 54,000 Hotmail addresses. Though it’s not exactly clear what Yahoo! service the passwords linked with those accounts in the hacker’s dump can be used for, they may give access to the listed email addresses in many cases where the user re-uses passwords between services.

D33Ds Company claimed in its note that the hack was intended to warn Yahoo! about similar vulnerabilities in its sites–a dubious notion given the potentially massive privacy violation their stunt represents. “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” reads D33Ds Company’s message. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

The message also includes a quote from Canadian philosopher Jean Vanier: “Growth begins when we begin to accept our own weakness.”




My work email was among the hacked. Everyone should change passwords immediately!
Wow this is scary! How do you know your account is hacked?
Jul 20, 2012, 1:21am   #3
No Cute's Avatar
Thread Starter
No Cute
cupcake butt
Originally Posted by lightdays
Wow this is scary! How do you know your account is hacked?
Got an email from IT at work. I don't even have a yahoo account that I am aware of, but my work email/pw was published. I guess when it came out, if I knew where to look, I could have seen my stuff. Grateful I got notified.

I say, with or without being part of the hacking, a password change is a good idea right now for everyone.
Jul 20, 2012, 1:31am   #4
l
lightdays
Break from tPF
Originally Posted by No Cute
Got an email from IT at work. I don't even have a yahoo account that I am aware of, but my work email/pw was published. I guess when it came out, if I knew where to look, I could have seen my stuff. Grateful I got notified.

I say, with or without being part of the hacking, a password change is a good idea right now for everyone.
Thanks. It's people like these that fk it up for everybody. How annoying. I just changed my passwords a few weeks ago and now I have to do it again.
Jul 20, 2012, 3:55am   #5
Sternchen's Avatar
Sternchen
Member
Is there a way to find out if your email was affected?
Jul 20, 2012, 10:44am   #6
ILuvShopping's Avatar
ILuvShopping
★☆★★☆★★☆★
ahhhh i hate changing the password on my email. screws up so many things.. and then i'm worried i'm going to forget it. :( i've already changed that password so many times!
POST A REPLY
  HOME > >  
TOP

Thread Tools