Hackers publish 450,000 unencrypted Yahoo login credentials
Yahoo has become the latest online service to suffer a massive password breach. Hacking group D33D Company has publicly posted more than 450,000 login credentials belonging to the Yahoo Contributor Network on its website. The hackers claimed to have used an SQL injection technique to extract the data, which contains passwords which are unencrypted.
In a brief footnote that has since been taken offline, the hackers wrote: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat." The group warned of "many security holes" exploited in web servers belonging to Yahoo that have resulted in "far greater damage" than this particular disclosure.
Cyber security expert Philip Lieberman, who is the CEO of identity management technology provider Lieberman Software, had some harsh words for Yahoo. "This is a gigantic warning to consumers about trusting their personal information to large companies that don't prioritize security and privacy as business goals of their company," says Lieberman. "The nature of this hack points to Yahoo taking the cheap way out for databases via mySQL and then not even bothering to encrypt or hash passwords."
For its part, Yahoo has confirmed the hack, but insists that the compromised file was an "older" one, according to CNET. The company says that less than 5 percent of the exposed passwords are currently valid, but is silent on the topic of non-Yahoo IDs that were exposed by the hack. Non-Yahoo IDs include more than 100,000 Gmail and 50,000 Hotmail credentials, among others, that can be used to login to its services.
With no way to know which Yahoo accounts are affected, a safe move would be to change your Yahoo password as soon as possible. You can read more about the password leak in this detailed FAQ here.
- check out this article at CNET